diff --git a/docs/security/agent/grype-25.10.1.json b/docs/security/agent/grype-25.10.1.json index 6fa1233..06de9d9 100644 --- a/docs/security/agent/grype-25.10.1.json +++ b/docs/security/agent/grype-25.10.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.1" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b2050fe1de2cbb81", - "name": "fluent-bit", - "version": "25.10.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b2050fe1de2cbb81", + "name": "fluent-bit", + "version": "25.10.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:85359fe22bbf8d88dc798fe2eda0f33e51fc0bf9f146cb15b310702886d25da9", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17782,7 +17818,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17961,107 +17997,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.1.md b/docs/security/agent/grype-25.10.1.md index b86c32c..79470e7 100644 --- a/docs/security/agent/grype-25.10.1.md +++ b/docs/security/agent/grype-25.10.1.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.10.json b/docs/security/agent/grype-25.10.10.json index e1ceb67..6befde6 100644 --- a/docs/security/agent/grype-25.10.10.json +++ b/docs/security/agent/grype-25.10.10.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,161 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3903,30 +4410,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" + } } ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3959,8 +4455,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4007,8 +4503,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4076,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,83 +4593,65 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4189,24 +4667,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4220,37 +4695,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4342,7 +4829,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4351,12 +4838,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4365,8 +4852,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4384,22 +4871,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4409,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4430,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,24 +4939,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -4496,16 +4984,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4514,7 +5002,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4523,12 +5011,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4537,8 +5025,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4556,11 +5044,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4570,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4675,7 +5173,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4684,12 +5182,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4698,8 +5196,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4717,22 +5215,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4742,20 +5229,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4763,47 +5250,64 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,17 +5315,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4829,7 +5333,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4837,21 +5341,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -4865,120 +5372,124 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5230,326 +5728,167 @@ "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.10" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "af1ef2b90efeccfe", - "name": "fluent-bit", - "version": "25.10.10", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.10", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.10" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "af1ef2b90efeccfe", + "name": "fluent-bit", + "version": "25.10.10", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:edfdfd9f4696c3f3ec77e8140343b14ff76148154e0ee4d9c1c489eb41b35764", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.10:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.10", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "percentile": 0.18364, + "date": "2026-03-09" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,8 +6714,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6427,7 +6734,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6469,8 +6776,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6579,243 +6886,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6823,21 +6972,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6851,14 +7003,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6890,9 +7057,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6922,7 +7089,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6955,9 +7122,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,9 +7217,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7082,7 +7249,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7115,9 +7282,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7222,8 +7389,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7283,8 +7450,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7380,8 +7547,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7401,200 +7568,55 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7602,7 +7624,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7610,21 +7632,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7638,14 +7660,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7655,39 +7682,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7695,61 +7722,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7764,21 +7777,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7795,10 +7808,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7809,12 +7822,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7830,17 +7843,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7849,46 +7862,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7896,7 +7909,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7904,21 +7917,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7932,14 +7945,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7949,20 +7973,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7970,18 +7994,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7989,28 +8013,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8018,18 +8043,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8044,21 +8069,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -8072,13 +8097,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8112,8 +8137,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8177,8 +8202,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8283,8 +8308,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8348,8 +8373,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8431,44 +8456,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8477,191 +8496,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8678,21 +8565,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8706,13 +8593,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8723,37 +8610,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8763,51 +8650,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8816,7 +8697,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8824,21 +8705,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8852,25 +8733,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8902,9 +8772,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8920,7 +8790,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8964,9 +8834,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9056,9 +8926,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9094,7 +8964,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -9143,9 +9013,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9222,38 +9092,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9262,51 +9132,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9314,7 +9185,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9322,21 +9193,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9350,55 +9221,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9407,51 +9289,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,7 +9350,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9467,21 +9358,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9495,72 +9386,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9569,53 +9443,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9631,21 +9512,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9659,13 +9540,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9676,38 +9557,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9716,60 +9603,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9785,21 +9665,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9813,13 +9693,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9830,39 +9710,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -9870,31 +9756,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -9902,29 +9786,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9939,21 +9829,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9967,13 +9857,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9984,45 +9874,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10030,65 +9914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10103,21 +9969,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10131,13 +9997,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10171,8 +10037,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10191,7 +10057,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10233,8 +10099,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10328,8 +10194,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10348,7 +10214,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10390,8 +10256,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10496,8 +10362,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10516,7 +10382,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10558,8 +10424,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10668,8 +10534,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10688,7 +10554,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10730,8 +10596,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10817,20 +10683,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10838,47 +10704,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10886,18 +10770,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10912,21 +10796,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10940,116 +10827,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11057,7 +10949,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11065,21 +10957,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11093,137 +10988,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11231,21 +11139,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11259,122 +11170,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11382,21 +11310,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11410,92 +11341,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11503,34 +11440,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11546,21 +11477,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11574,13 +11505,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11591,20 +11522,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11612,18 +11543,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11631,47 +11562,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11686,21 +11622,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11714,103 +11650,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11818,16 +11741,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11836,7 +11759,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11845,22 +11768,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11877,12 +11797,23 @@ "licenses": [ "Apache-2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11892,20 +11823,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11913,60 +11844,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11975,22 +11896,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12005,24 +11944,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -12036,142 +11972,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12187,24 +12108,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12218,139 +12136,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12358,24 +12248,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12389,141 +12276,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12540,21 +12412,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12568,13 +12440,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12585,20 +12457,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12606,18 +12478,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12625,41 +12497,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12667,18 +12526,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12699,7 +12558,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12760,9 +12619,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12792,7 +12651,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12826,9 +12685,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12921,9 +12780,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12953,7 +12812,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12987,9 +12846,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13043,28 +12902,196 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13094,8 +13121,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13153,7 +13180,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -13178,8 +13209,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13250,98 +13281,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13357,21 +13391,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13385,13 +13422,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13402,98 +13439,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13501,21 +13549,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13529,14 +13580,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13546,88 +13608,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13642,21 +13718,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13670,23 +13749,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13698,88 +13781,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13794,21 +13891,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13822,23 +13922,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13850,107 +13954,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -13958,7 +14053,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13966,24 +14061,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13997,19 +14089,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14019,106 +14106,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -14127,7 +14198,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14135,24 +14206,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -14166,19 +14234,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14188,108 +14251,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14304,24 +14347,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14335,17 +14375,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14357,108 +14403,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14473,24 +14499,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14504,17 +14527,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14526,101 +14555,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14628,7 +14664,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14636,24 +14672,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14667,14 +14703,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14684,101 +14725,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14794,24 +14842,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14825,23 +14873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -14853,101 +14895,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14963,24 +15012,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14994,27 +15043,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15026,101 +15065,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15136,24 +15182,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15167,27 +15213,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15221,9 +15257,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15253,7 +15289,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15284,9 +15320,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15379,9 +15415,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15411,7 +15447,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15442,9 +15478,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15526,20 +15562,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15547,18 +15583,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15566,43 +15602,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15610,18 +15631,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15636,21 +15657,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15664,13 +15685,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15681,104 +15702,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15794,24 +15810,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15825,121 +15838,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,7 +15957,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15955,158 +15965,149 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4f25e605e90924ecad459e15c823be698a9bd276d9ae1fd16b8c301c3e38c09e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16122,21 +16123,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16150,111 +16154,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16262,21 +16284,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16290,17 +16315,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -16726,7 +16762,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -16905,107 +16941,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.10.md b/docs/security/agent/grype-25.10.10.md index 3068913..705573c 100644 --- a/docs/security/agent/grype-25.10.10.md +++ b/docs/security/agent/grype-25.10.10.md @@ -9,28 +9,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.10 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.10 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -52,23 +52,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -79,35 +78,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.11.json b/docs/security/agent/grype-25.10.11.json index bfc92c2..605fe08 100644 --- a/docs/security/agent/grype-25.10.11.json +++ b/docs/security/agent/grype-25.10.11.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,161 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3903,30 +4410,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" + } } ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3959,8 +4455,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4007,8 +4503,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4076,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,83 +4593,65 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4189,24 +4667,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4220,37 +4695,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4342,7 +4829,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4351,12 +4838,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4365,8 +4852,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4384,22 +4871,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4409,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4430,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,24 +4939,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -4496,16 +4984,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4514,7 +5002,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4523,12 +5011,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4537,8 +5025,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4556,11 +5044,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4570,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4675,7 +5173,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4684,12 +5182,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4698,8 +5196,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4717,22 +5215,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4742,20 +5229,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4763,47 +5250,64 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,17 +5315,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4829,7 +5333,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4837,21 +5341,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -4865,120 +5372,124 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5230,326 +5728,167 @@ "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.11" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "a42b5da91e6fcde7", - "name": "fluent-bit", - "version": "25.10.11", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.11", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.11" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "a42b5da91e6fcde7", + "name": "fluent-bit", + "version": "25.10.11", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:ba6526ef04b3ea648e5f9dd34e9abca7cf61645ebd40a343a6e8a477b695523e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.11:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.11", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "percentile": 0.18364, + "date": "2026-03-09" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,8 +6714,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6427,7 +6734,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6469,8 +6776,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6579,243 +6886,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6823,21 +6972,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6851,14 +7003,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6890,9 +7057,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6922,7 +7089,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6955,9 +7122,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,9 +7217,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7082,7 +7249,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7115,9 +7282,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7222,8 +7389,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7283,8 +7450,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7380,8 +7547,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7401,200 +7568,55 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7602,7 +7624,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7610,21 +7632,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7638,14 +7660,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7655,39 +7682,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7695,61 +7722,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7764,21 +7777,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7795,10 +7808,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7809,12 +7822,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7830,17 +7843,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7849,46 +7862,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7896,7 +7909,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7904,21 +7917,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7932,14 +7945,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7949,20 +7973,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7970,18 +7994,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7989,28 +8013,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8018,18 +8043,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8044,21 +8069,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -8072,13 +8097,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8112,8 +8137,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8177,8 +8202,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8283,8 +8308,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8348,8 +8373,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8431,44 +8456,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8477,191 +8496,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8678,21 +8565,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8706,13 +8593,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8723,37 +8610,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8763,51 +8650,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8816,7 +8697,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8824,21 +8705,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8852,25 +8733,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8902,9 +8772,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8920,7 +8790,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8964,9 +8834,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9056,9 +8926,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9094,7 +8964,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -9143,9 +9013,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9222,38 +9092,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9262,51 +9132,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9314,7 +9185,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9322,21 +9193,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9350,55 +9221,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9407,51 +9289,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,7 +9350,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9467,21 +9358,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9495,72 +9386,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9569,53 +9443,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9631,21 +9512,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9659,13 +9540,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9676,38 +9557,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9716,60 +9603,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9785,21 +9665,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9813,13 +9693,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9830,39 +9710,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -9870,31 +9756,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -9902,29 +9786,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9939,21 +9829,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9967,13 +9857,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9984,45 +9874,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10030,65 +9914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10103,21 +9969,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10131,13 +9997,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10171,8 +10037,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10191,7 +10057,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10233,8 +10099,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10328,8 +10194,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10348,7 +10214,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10390,8 +10256,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10496,8 +10362,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10516,7 +10382,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10558,8 +10424,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10668,8 +10534,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10688,7 +10554,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10730,8 +10596,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10817,20 +10683,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10838,47 +10704,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10886,18 +10770,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10912,21 +10796,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10940,116 +10827,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11057,7 +10949,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11065,21 +10957,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11093,137 +10988,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11231,21 +11139,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11259,122 +11170,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11382,21 +11310,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11410,92 +11341,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11503,34 +11440,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11546,21 +11477,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11574,13 +11505,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11591,20 +11522,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11612,18 +11543,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11631,47 +11562,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11686,21 +11622,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11714,103 +11650,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11818,16 +11741,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11836,7 +11759,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11845,22 +11768,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11877,12 +11797,23 @@ "licenses": [ "Apache-2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11892,20 +11823,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11913,60 +11844,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11975,22 +11896,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12005,24 +11944,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -12036,142 +11972,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12187,24 +12108,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12218,139 +12136,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12358,24 +12248,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12389,141 +12276,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12540,21 +12412,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12568,13 +12440,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12585,20 +12457,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12606,18 +12478,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12625,41 +12497,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12667,18 +12526,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12699,7 +12558,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12760,9 +12619,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12792,7 +12651,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12826,9 +12685,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12921,9 +12780,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12953,7 +12812,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12987,9 +12846,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13043,28 +12902,196 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13094,8 +13121,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13153,7 +13180,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -13178,8 +13209,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13250,98 +13281,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13357,21 +13391,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13385,13 +13422,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13402,98 +13439,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13501,21 +13549,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13529,14 +13580,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13546,88 +13608,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13642,21 +13718,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13670,23 +13749,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13698,88 +13781,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13794,21 +13891,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13822,23 +13922,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13850,107 +13954,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -13958,7 +14053,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13966,24 +14061,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13997,19 +14089,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14019,106 +14106,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -14127,7 +14198,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14135,24 +14206,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -14166,19 +14234,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14188,108 +14251,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14304,24 +14347,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14335,17 +14375,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14357,108 +14403,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14473,24 +14499,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14504,17 +14527,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14526,101 +14555,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14628,7 +14664,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14636,24 +14672,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14667,14 +14703,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14684,101 +14725,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14794,24 +14842,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14825,23 +14873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -14853,101 +14895,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14963,24 +15012,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14994,27 +15043,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15026,101 +15065,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15136,24 +15182,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15167,27 +15213,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15221,9 +15257,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15253,7 +15289,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15284,9 +15320,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15379,9 +15415,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15411,7 +15447,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15442,9 +15478,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15526,20 +15562,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15547,18 +15583,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15566,43 +15602,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15610,18 +15631,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15636,21 +15657,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15664,13 +15685,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15681,104 +15702,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15794,24 +15810,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15825,121 +15838,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,7 +15957,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15955,158 +15965,149 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:2536b2b95bd29186aac585d5a07db1b431448a5eba8e9731493b6b897206cb14", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16122,21 +16123,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16150,111 +16154,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16262,21 +16284,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16290,17 +16315,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -16726,7 +16762,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -16905,107 +16941,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.11.md b/docs/security/agent/grype-25.10.11.md index 5dda539..6efa336 100644 --- a/docs/security/agent/grype-25.10.11.md +++ b/docs/security/agent/grype-25.10.11.md @@ -9,28 +9,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.11 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.11 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -52,23 +52,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -79,35 +78,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.12.json b/docs/security/agent/grype-25.10.12.json index 25fd091..9282a34 100644 --- a/docs/security/agent/grype-25.10.12.json +++ b/docs/security/agent/grype-25.10.12.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,161 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3903,30 +4410,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" + } } ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3959,8 +4455,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4007,8 +4503,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4076,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,83 +4593,65 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4189,24 +4667,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4220,37 +4695,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4342,7 +4829,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4351,12 +4838,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4365,8 +4852,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4384,22 +4871,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4409,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4430,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,24 +4939,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -4496,16 +4984,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4514,7 +5002,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4523,12 +5011,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4537,8 +5025,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4556,11 +5044,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4570,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4675,7 +5173,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4684,12 +5182,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4698,8 +5196,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4717,22 +5215,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4742,20 +5229,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4763,47 +5250,64 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,17 +5315,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4829,7 +5333,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4837,21 +5341,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -4865,120 +5372,124 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5230,326 +5728,167 @@ "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.12" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4a6dc1b111ad93ba", - "name": "fluent-bit", - "version": "25.10.12", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.12" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "4a6dc1b111ad93ba", + "name": "fluent-bit", + "version": "25.10.12", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:e9c39397b6d0a90106a28d38666843c1f24cae96c8ab4e5c8bc7b267edef5ca8", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.12:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "percentile": 0.18364, + "date": "2026-03-09" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,8 +6714,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6427,7 +6734,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6469,8 +6776,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6579,243 +6886,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6823,21 +6972,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6851,14 +7003,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6890,9 +7057,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6922,7 +7089,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6955,9 +7122,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,9 +7217,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7082,7 +7249,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7115,9 +7282,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7222,8 +7389,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7283,8 +7450,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7380,8 +7547,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7401,200 +7568,55 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7602,7 +7624,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7610,21 +7632,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7638,14 +7660,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7655,39 +7682,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7695,61 +7722,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7764,21 +7777,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7795,10 +7808,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7809,12 +7822,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7830,17 +7843,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7849,46 +7862,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7896,7 +7909,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7904,21 +7917,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7932,14 +7945,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7949,20 +7973,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7970,18 +7994,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7989,28 +8013,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8018,18 +8043,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8044,21 +8069,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -8072,13 +8097,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8112,8 +8137,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8177,8 +8202,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8283,8 +8308,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8348,8 +8373,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8431,44 +8456,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8477,191 +8496,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8678,21 +8565,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8706,13 +8593,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8723,37 +8610,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8763,51 +8650,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8816,7 +8697,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8824,21 +8705,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8852,25 +8733,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8902,9 +8772,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8920,7 +8790,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8964,9 +8834,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9056,9 +8926,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9094,7 +8964,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -9143,9 +9013,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9222,38 +9092,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9262,51 +9132,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9314,7 +9185,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9322,21 +9193,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9350,55 +9221,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9407,51 +9289,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,7 +9350,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9467,21 +9358,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9495,72 +9386,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9569,53 +9443,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9631,21 +9512,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9659,13 +9540,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9676,38 +9557,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9716,60 +9603,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9785,21 +9665,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9813,13 +9693,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9830,39 +9710,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -9870,31 +9756,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -9902,29 +9786,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9939,21 +9829,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9967,13 +9857,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9984,45 +9874,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10030,65 +9914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10103,21 +9969,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10131,13 +9997,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10171,8 +10037,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10191,7 +10057,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10233,8 +10099,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10328,8 +10194,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10348,7 +10214,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10390,8 +10256,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10496,8 +10362,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10516,7 +10382,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10558,8 +10424,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10668,8 +10534,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10688,7 +10554,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10730,8 +10596,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10817,20 +10683,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10838,47 +10704,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10886,18 +10770,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10912,21 +10796,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10940,116 +10827,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11057,7 +10949,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11065,21 +10957,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11093,137 +10988,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11231,21 +11139,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11259,122 +11170,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11382,21 +11310,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11410,92 +11341,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11503,34 +11440,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11546,21 +11477,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11574,13 +11505,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11591,20 +11522,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11612,18 +11543,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11631,47 +11562,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11686,21 +11622,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11714,103 +11650,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11818,16 +11741,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11836,7 +11759,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11845,22 +11768,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11877,12 +11797,23 @@ "licenses": [ "Apache-2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11892,20 +11823,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11913,60 +11844,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11975,22 +11896,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12005,24 +11944,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -12036,142 +11972,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12187,24 +12108,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12218,139 +12136,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12358,24 +12248,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12389,141 +12276,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12540,21 +12412,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12568,13 +12440,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12585,20 +12457,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12606,18 +12478,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12625,41 +12497,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12667,18 +12526,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12699,7 +12558,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12760,9 +12619,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12792,7 +12651,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12826,9 +12685,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12921,9 +12780,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12953,7 +12812,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12987,9 +12846,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13043,28 +12902,196 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13094,8 +13121,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13153,7 +13180,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -13178,8 +13209,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13250,98 +13281,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13357,21 +13391,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13385,13 +13422,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13402,98 +13439,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13501,21 +13549,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13529,14 +13580,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13546,88 +13608,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13642,21 +13718,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13670,23 +13749,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13698,88 +13781,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13794,21 +13891,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13822,23 +13922,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13850,107 +13954,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -13958,7 +14053,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13966,24 +14061,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13997,19 +14089,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14019,106 +14106,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -14127,7 +14198,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14135,24 +14206,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -14166,19 +14234,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14188,108 +14251,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14304,24 +14347,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14335,17 +14375,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14357,108 +14403,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14473,24 +14499,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14504,17 +14527,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14526,101 +14555,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14628,7 +14664,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14636,24 +14672,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14667,14 +14703,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14684,101 +14725,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14794,24 +14842,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14825,23 +14873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -14853,101 +14895,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14963,24 +15012,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14994,27 +15043,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15026,101 +15065,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15136,24 +15182,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15167,27 +15213,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15221,9 +15257,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15253,7 +15289,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15284,9 +15320,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15379,9 +15415,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15411,7 +15447,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15442,9 +15478,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15526,20 +15562,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15547,18 +15583,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15566,43 +15602,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15610,18 +15631,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15636,21 +15657,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15664,13 +15685,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15681,104 +15702,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15794,24 +15810,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15825,121 +15838,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,7 +15957,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15955,158 +15965,149 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7617dc3feb29ee65aa739adb3243aa7d614a5acb15489ecf0e0d24db535e63c7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16122,21 +16123,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16150,111 +16154,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16262,21 +16284,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16290,17 +16315,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -16726,7 +16762,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -16905,107 +16941,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.12.md b/docs/security/agent/grype-25.10.12.md index a799f67..34a7b2d 100644 --- a/docs/security/agent/grype-25.10.12.md +++ b/docs/security/agent/grype-25.10.12.md @@ -9,28 +9,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.12 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.12 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -52,23 +52,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -79,35 +78,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.2.json b/docs/security/agent/grype-25.10.2.json index 580fed4..1ddb941 100644 --- a/docs/security/agent/grype-25.10.2.json +++ b/docs/security/agent/grype-25.10.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.2" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "04d33236b6f59eb8", - "name": "fluent-bit", - "version": "25.10.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "04d33236b6f59eb8", + "name": "fluent-bit", + "version": "25.10.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8c483867683f9ad70c236c20de2a124650edce5d21c042055b1b9377363db822", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:4e593a36aa3de2f407e5210f48834c898ea266942b6f00e87e00bf330c17f0d3", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.2.md b/docs/security/agent/grype-25.10.2.md index 9501542..eaebcd0 100644 --- a/docs/security/agent/grype-25.10.2.md +++ b/docs/security/agent/grype-25.10.2.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.3.json b/docs/security/agent/grype-25.10.3.json index 44b3336..3e48cbd 100644 --- a/docs/security/agent/grype-25.10.3.json +++ b/docs/security/agent/grype-25.10.3.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.3" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "58605501f0a6c108", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "58605501f0a6c108", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:26ca8b641aa20fd11cb012e21a8e06369a7711dcbe127d681973faaff87434a3", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8d3b97ee3d08a8955aee847c7fc620fb83979c0b0c17b3e0b0cf9da11df6b858", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.3.md b/docs/security/agent/grype-25.10.3.md index 73a2d10..77af1bb 100644 --- a/docs/security/agent/grype-25.10.3.md +++ b/docs/security/agent/grype-25.10.3.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.4.json b/docs/security/agent/grype-25.10.4.json index 441e18b..e4c900d 100644 --- a/docs/security/agent/grype-25.10.4.json +++ b/docs/security/agent/grype-25.10.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.3" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.3" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "f3db967c04cd48f5", - "name": "fluent-bit", - "version": "25.10.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.3" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "f3db967c04cd48f5", + "name": "fluent-bit", + "version": "25.10.3", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:a458a5beade65e6a02590d6280483f23809e8bfc9945d93409ec3b8d7a6f9a07", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.3:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.3", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:7b91f9287059b3a8d7e313ce93791f4ea8c984401f1e1d0b066bd5a9785e2f6a", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.4.md b/docs/security/agent/grype-25.10.4.md index e000e01..b3dec4f 100644 --- a/docs/security/agent/grype-25.10.4.md +++ b/docs/security/agent/grype-25.10.4.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.5.json b/docs/security/agent/grype-25.10.5.json index da88de4..e6707d6 100644 --- a/docs/security/agent/grype-25.10.5.json +++ b/docs/security/agent/grype-25.10.5.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.4" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.4" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "41ad758bbe058560", - "name": "fluent-bit", - "version": "25.10.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.4" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "41ad758bbe058560", + "name": "fluent-bit", + "version": "25.10.4", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:9f3bf4dd6d390f15054d24b5455118bf68fc39b3d8d24a64e8b5c7adb864790e", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.4:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.4", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c0b601275884eef022e92bfbc297e40f9ca0456c93622c02e860a104516d12fc", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.5.md b/docs/security/agent/grype-25.10.5.md index c91c205..d2d1f9e 100644 --- a/docs/security/agent/grype-25.10.5.md +++ b/docs/security/agent/grype-25.10.5.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.6.json b/docs/security/agent/grype-25.10.6.json index c1d1f0f..def96b1 100644 --- a/docs/security/agent/grype-25.10.6.json +++ b/docs/security/agent/grype-25.10.6.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.6" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "7c565ae309ebd658", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "7c565ae309ebd658", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:974b8485f82115470b4a8342289bdb351f7fef0163cf0e9645c8ec59b03f8d2b", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:8523026ac9e053b9cdf90670ff69476eb16d97d29612f03ac381427d8d67a859", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.6.md b/docs/security/agent/grype-25.10.6.md index 3a6b7bc..072157d 100644 --- a/docs/security/agent/grype-25.10.6.md +++ b/docs/security/agent/grype-25.10.6.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.7.json b/docs/security/agent/grype-25.10.7.json index 20d0dd5..fd91e3b 100644 --- a/docs/security/agent/grype-25.10.7.json +++ b/docs/security/agent/grype-25.10.7.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.10.6" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.6" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.6" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "3b096a4569cbd31e", - "name": "fluent-bit", - "version": "25.10.6", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.6", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.10.6" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "3b096a4569cbd31e", + "name": "fluent-bit", + "version": "25.10.6", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4686bf7a36c7afbc24275914f077c87f0ed0eb787e6a8abe2955a2d4865979ad", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.6:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.10.6", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.7.md b/docs/security/agent/grype-25.10.7.md index 717689d..f8ea22b 100644 --- a/docs/security/agent/grype-25.10.7.md +++ b/docs/security/agent/grype-25.10.7.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.6 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.6 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.8.json b/docs/security/agent/grype-25.10.8.json index a709546..017dff0 100644 --- a/docs/security/agent/grype-25.10.8.json +++ b/docs/security/agent/grype-25.10.8.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,161 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3903,30 +4410,19 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" + } } ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3959,8 +4455,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4007,8 +4503,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4076,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,83 +4593,65 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4189,24 +4667,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4220,37 +4695,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4342,7 +4829,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4351,12 +4838,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4365,8 +4852,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4384,22 +4871,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4409,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4430,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,24 +4939,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -4496,16 +4984,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4514,7 +5002,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4523,12 +5011,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4537,8 +5025,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4556,11 +5044,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4570,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4675,7 +5173,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4684,12 +5182,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4698,8 +5196,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4717,22 +5215,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4742,20 +5229,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4763,47 +5250,64 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,17 +5315,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4829,7 +5333,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4837,21 +5341,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -4865,120 +5372,124 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } - ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + ], + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5230,326 +5728,167 @@ "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.8" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "92b9576bd60528c3", - "name": "fluent-bit", - "version": "25.10.8", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.8", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.8" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "92b9576bd60528c3", + "name": "fluent-bit", + "version": "25.10.8", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c4ec66fbc6d828e7a8ae672384704bf026f1963e08a3163cbc015821bcb5ec8f", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.8:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.8", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "percentile": 0.18364, + "date": "2026-03-09" } ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,8 +6714,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6427,7 +6734,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6469,8 +6776,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6579,243 +6886,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6823,21 +6972,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6851,14 +7003,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6890,9 +7057,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6922,7 +7089,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6955,9 +7122,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,9 +7217,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7082,7 +7249,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7115,9 +7282,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7222,8 +7389,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7283,8 +7450,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7380,8 +7547,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7401,200 +7568,55 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7602,7 +7624,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7610,21 +7632,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7638,14 +7660,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7655,39 +7682,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7695,61 +7722,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7764,21 +7777,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7795,10 +7808,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7809,12 +7822,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7830,17 +7843,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7849,46 +7862,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7896,7 +7909,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7904,21 +7917,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7932,14 +7945,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7949,20 +7973,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7970,18 +7994,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7989,28 +8013,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8018,18 +8043,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8044,21 +8069,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -8072,13 +8097,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8112,8 +8137,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8177,8 +8202,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8283,8 +8308,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8348,8 +8373,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8431,44 +8456,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8477,191 +8496,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8678,21 +8565,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8706,13 +8593,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8723,37 +8610,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8763,51 +8650,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8816,7 +8697,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8824,21 +8705,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8852,25 +8733,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8902,9 +8772,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8920,7 +8790,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8964,9 +8834,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9056,9 +8926,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9094,7 +8964,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -9143,9 +9013,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9222,38 +9092,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9262,51 +9132,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9314,7 +9185,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9322,21 +9193,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9350,55 +9221,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9407,51 +9289,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,7 +9350,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9467,21 +9358,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9495,72 +9386,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9569,53 +9443,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9631,21 +9512,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9659,13 +9540,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9676,38 +9557,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9716,60 +9603,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9785,21 +9665,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9813,13 +9693,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9830,39 +9710,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -9870,31 +9756,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -9902,29 +9786,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9939,21 +9829,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -9967,13 +9857,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9984,45 +9874,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10030,65 +9914,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10103,21 +9969,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -10131,13 +9997,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10171,8 +10037,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10191,7 +10057,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10233,8 +10099,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10328,8 +10194,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10348,7 +10214,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10390,8 +10256,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10496,8 +10362,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10516,7 +10382,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10558,8 +10424,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10668,8 +10534,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10688,7 +10554,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10730,8 +10596,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10817,20 +10683,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10838,47 +10704,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10886,18 +10770,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10912,21 +10796,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10940,116 +10827,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11057,7 +10949,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11065,21 +10957,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11093,137 +10988,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11231,21 +11139,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11259,122 +11170,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11382,21 +11310,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11410,92 +11341,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11503,34 +11440,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11546,21 +11477,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11574,13 +11505,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11591,20 +11522,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11612,18 +11543,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11631,47 +11562,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11686,21 +11622,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79cdbcbd3d61afd9", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11714,103 +11650,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11818,16 +11741,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11836,7 +11759,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11845,22 +11768,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11877,12 +11797,23 @@ "licenses": [ "Apache-2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11892,20 +11823,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11913,60 +11844,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11975,22 +11896,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12005,24 +11944,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -12036,142 +11972,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12187,24 +12108,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12218,139 +12136,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12358,24 +12248,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "79cdbcbd3d61afd9", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12389,141 +12276,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12540,21 +12412,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12568,13 +12440,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12585,20 +12457,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12606,18 +12478,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12625,41 +12497,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12667,18 +12526,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12699,7 +12558,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12760,9 +12619,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12792,7 +12651,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12826,9 +12685,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12921,9 +12780,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12953,7 +12812,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12987,9 +12846,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13043,28 +12902,196 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13094,8 +13121,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13153,7 +13180,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -13178,8 +13209,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13250,98 +13281,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13357,21 +13391,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13385,13 +13422,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13402,98 +13439,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13501,21 +13549,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13529,14 +13580,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13546,88 +13608,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13642,21 +13718,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13670,23 +13749,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13698,88 +13781,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13794,21 +13891,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13822,23 +13922,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13850,107 +13954,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -13958,7 +14053,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13966,24 +14061,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13997,19 +14089,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14019,106 +14106,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -14127,7 +14198,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14135,24 +14206,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -14166,19 +14234,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14188,108 +14251,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14304,24 +14347,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14335,17 +14375,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14357,108 +14403,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14473,24 +14499,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14504,17 +14527,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14526,101 +14555,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14628,7 +14664,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14636,24 +14672,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14667,14 +14703,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14684,101 +14725,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14794,24 +14842,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14825,23 +14873,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -14853,101 +14895,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14963,24 +15012,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14994,27 +15043,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15026,101 +15065,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15136,24 +15182,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15167,27 +15213,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15221,9 +15257,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15253,7 +15289,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15284,9 +15320,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15379,9 +15415,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15411,7 +15447,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15442,9 +15478,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15526,20 +15562,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15547,18 +15583,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15566,43 +15602,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15610,18 +15631,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15636,21 +15657,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15664,13 +15685,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15681,104 +15702,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15794,24 +15810,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15825,121 +15838,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,7 +15957,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15955,158 +15965,149 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:44dcbf71c90c15232bf4b80f56b0f8c466a698e03c94872658fbed89b4aed1c6", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16122,21 +16123,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16150,111 +16154,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16262,21 +16284,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16290,17 +16315,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -16726,7 +16762,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -16905,107 +16941,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.8.md b/docs/security/agent/grype-25.10.8.md index e5c2cb8..98d2f43 100644 --- a/docs/security/agent/grype-25.10.8.md +++ b/docs/security/agent/grype-25.10.8.md @@ -9,28 +9,28 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.8 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.8 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -52,23 +52,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -79,35 +78,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.10.9.json b/docs/security/agent/grype-25.10.9.json index 17d2839..8c32f0b 100644 --- a/docs/security/agent/grype-25.10.9.json +++ b/docs/security/agent/grype-25.10.9.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,21 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3768,13 +4415,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3785,38 +4432,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3825,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3854,17 +4501,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3872,7 +4519,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3880,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3908,25 +4555,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3936,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3957,18 +4593,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3976,28 +4612,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4005,18 +4641,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4031,21 +4667,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4059,13 +4695,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4076,20 +4712,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4130,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4195,7 +4843,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4237,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4939,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4356,7 +5016,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4409,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4430,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4496,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4528,7 +5187,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4570,12 +5229,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5250,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5283,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5315,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4689,7 +5347,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4742,160 +5400,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.031049999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4903,82 +5421,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5232,324 +5730,165 @@ "metrics": { "baseScore": 5.5, "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.10.9" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "20f835972e5f52cf", - "name": "fluent-bit", - "version": "25.10.9", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.10.9", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.10.9" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "20f835972e5f52cf", + "name": "fluent-bit", + "version": "25.10.9", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:376e7117cb6f040357562723990ec8ecc4af4895d62c7b82d8143dc9036ca111", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.10.9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.10.9", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,8 +6714,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6427,7 +6734,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6469,8 +6776,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6579,243 +6886,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + { + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6823,21 +6972,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6851,14 +7003,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6890,9 +7057,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6922,7 +7089,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6955,9 +7122,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,9 +7217,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7082,7 +7249,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7115,9 +7282,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7222,8 +7389,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7283,8 +7450,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7380,8 +7547,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7406,195 +7573,50 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7602,7 +7624,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7610,21 +7632,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7638,14 +7660,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7655,39 +7682,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7695,61 +7722,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7764,21 +7777,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7795,10 +7808,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7809,12 +7822,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7830,17 +7843,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7849,46 +7862,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7896,7 +7909,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7904,21 +7917,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7932,14 +7945,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7949,20 +7973,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7970,18 +7994,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7989,28 +8013,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8018,18 +8043,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8044,21 +8069,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -8072,13 +8097,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8112,8 +8137,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8177,8 +8202,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8283,8 +8308,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8348,8 +8373,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8454,8 +8479,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8531,8 +8556,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8614,44 +8639,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8660,191 +8679,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8861,21 +8748,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8889,13 +8776,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8906,37 +8793,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8946,51 +8833,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8999,7 +8880,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9007,21 +8888,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -9035,25 +8916,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9085,9 +8955,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9103,7 +8973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -9147,9 +9017,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9239,9 +9109,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9277,7 +9147,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -9326,9 +9196,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9405,38 +9275,38 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9445,51 +9315,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9497,7 +9368,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9505,21 +9376,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9533,55 +9404,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", + "upstreams": [ + { + "name": "coreutils", + "version": "8.32-39.el9" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9590,51 +9472,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9642,7 +9533,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9650,21 +9541,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9678,72 +9569,55 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9752,53 +9626,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 1.4, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9814,21 +9695,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9842,13 +9723,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9859,38 +9740,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9899,60 +9786,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9968,21 +9848,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9996,13 +9876,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10013,39 +9893,45 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10053,31 +9939,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10085,29 +9969,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10122,21 +10012,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10150,13 +10040,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10167,45 +10057,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10213,65 +10097,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10286,21 +10152,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -10314,13 +10180,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10354,8 +10220,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10374,7 +10240,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10416,8 +10282,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10511,8 +10377,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10531,7 +10397,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10573,8 +10439,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10679,8 +10545,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10699,7 +10565,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10741,8 +10607,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10851,8 +10717,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10871,7 +10737,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10913,8 +10779,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11000,20 +10866,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11021,47 +10887,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11069,18 +10953,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11095,21 +10979,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11123,116 +11010,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11240,7 +11132,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11248,21 +11140,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11276,137 +11171,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11414,21 +11322,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "87ad778255840d3f", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11442,122 +11353,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11565,21 +11493,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11593,92 +11524,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11686,34 +11623,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11729,21 +11660,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11757,13 +11688,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11774,20 +11705,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11795,18 +11726,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11814,47 +11745,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11869,21 +11805,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11897,103 +11833,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12001,16 +11924,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12019,7 +11942,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12028,22 +11951,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -12060,12 +11980,23 @@ "licenses": [ "Apache-2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12075,20 +12006,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12096,60 +12027,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12158,22 +12079,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12188,24 +12127,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "87ad778255840d3f", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -12219,142 +12155,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12370,24 +12291,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12401,139 +12319,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12541,24 +12431,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -12572,141 +12459,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12723,21 +12595,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12751,13 +12623,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12768,20 +12640,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12789,18 +12661,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12808,41 +12680,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12850,18 +12709,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12882,7 +12741,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12943,9 +12802,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12975,7 +12834,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13009,9 +12868,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13104,9 +12963,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13136,7 +12995,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13170,9 +13029,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13226,28 +13085,196 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13277,8 +13304,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13336,7 +13363,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -13361,8 +13392,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13456,8 +13487,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -13530,8 +13561,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -13602,98 +13633,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13709,21 +13743,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13737,13 +13774,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13754,98 +13791,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13853,21 +13901,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "a65fe92a04ecf6ce", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13881,14 +13932,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13898,88 +13960,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13994,21 +14070,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "eb5d2c76ed21fa8e", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "5adaf9930b0243ad", + "name": "glibc-langpack-en", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -14022,23 +14101,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -14050,88 +14133,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14146,21 +14243,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -14174,23 +14274,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -14202,107 +14306,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -14310,7 +14405,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14318,24 +14413,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -14349,19 +14441,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14371,106 +14458,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -14479,7 +14550,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14487,24 +14558,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "a65fe92a04ecf6ce", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -14518,19 +14586,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14540,108 +14603,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14656,24 +14699,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "eb5d2c76ed21fa8e", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14687,17 +14727,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14709,108 +14755,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14825,24 +14851,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14856,17 +14879,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14878,101 +14907,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14980,7 +15016,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14988,24 +15024,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15019,14 +15055,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15036,101 +15077,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15146,24 +15194,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15177,23 +15225,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15205,101 +15247,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15315,24 +15364,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "5adaf9930b0243ad", - "name": "glibc-langpack-en", - "version": "2.34-231.el9_7.2", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15346,27 +15395,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15378,101 +15417,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15488,24 +15534,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15519,27 +15565,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15573,9 +15609,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15605,7 +15641,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15636,9 +15672,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15731,9 +15767,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15763,7 +15799,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15794,9 +15830,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15878,20 +15914,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15899,18 +15935,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15918,43 +15954,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15962,18 +15983,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15988,21 +16009,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "bcbac17c560ff49d", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -16016,13 +16037,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16033,104 +16054,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16146,24 +16162,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16177,121 +16190,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16299,7 +16309,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16307,158 +16317,149 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:05848185101d68af072e5c356c3c24b41215a7fd2047ee2965a7b68b89ad9da0", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16474,21 +16475,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16502,111 +16506,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16614,21 +16636,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "bcbac17c560ff49d", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16642,17 +16667,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17078,7 +17114,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17257,107 +17293,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.10.9.md b/docs/security/agent/grype-25.10.9.md index 0756d98..c0b1173 100644 --- a/docs/security/agent/grype-25.10.9.md +++ b/docs/security/agent/grype-25.10.9.md @@ -9,29 +9,29 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.10.9 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.10.9 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -54,23 +54,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -81,35 +80,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.1.json b/docs/security/agent/grype-25.11.1.json index 7357f58..7db36ee 100644 --- a/docs/security/agent/grype-25.11.1.json +++ b/docs/security/agent/grype-25.11.1.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.11.1" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "09a7526d23e50ddd", - "name": "fluent-bit", - "version": "25.11.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "09a7526d23e50ddd", + "name": "fluent-bit", + "version": "25.11.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:8eaec8a5fccb48364c57ce2250982e581b5252c3aa5b9d8fa6e5743a7c5aac14", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:78869548a5a4ddb038886aeab1fbb33a5a3575f0e4f76e1e6adb3ea9e0e7712e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.11.1.md b/docs/security/agent/grype-25.11.1.md index c498ee1..6f272e8 100644 --- a/docs/security/agent/grype-25.11.1.md +++ b/docs/security/agent/grype-25.11.1.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.11.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.11.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.11.2.json b/docs/security/agent/grype-25.11.2.json index f551c4a..3ae0fe1 100644 --- a/docs/security/agent/grype-25.11.2.json +++ b/docs/security/agent/grype-25.11.2.json @@ -25,8 +25,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -88,8 +88,8 @@ { "cve": "CVE-2024-56433", "epss": 0.04509, - "percentile": 0.88904, - "date": "2026-02-23" + "percentile": 0.88933, + "date": "2026-03-09" } ], "cwes": [ @@ -164,189 +164,6 @@ } } }, - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -371,9 +188,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -403,7 +220,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -418,9 +235,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -438,9 +256,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -533,9 +351,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -565,7 +383,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -580,9 +398,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -600,9 +419,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -684,76 +503,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -846,9 +848,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -856,7 +858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -891,9 +893,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -987,8 +989,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1053,8 +1055,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1156,8 +1158,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1222,8 +1224,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,8 +1327,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1381,8 +1383,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1473,8 +1475,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1546,8 +1548,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1649,8 +1651,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1722,8 +1724,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1824,9 +1826,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1842,7 +1844,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1873,9 +1875,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1965,9 +1967,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1983,7 +1985,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -2014,9 +2016,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -2117,9 +2119,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2135,7 +2137,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2177,9 +2179,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2270,8 +2272,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2319,8 +2321,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2388,20 +2390,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2409,49 +2411,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2460,40 +2473,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2508,21 +2503,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2536,95 +2534,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2633,47 +2634,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2681,21 +2664,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -2709,66 +2695,71 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2778,93 +2769,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2881,21 +2843,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -2909,13 +2871,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2926,123 +2888,127 @@ }, { "vulnerability": { - "id": "CVE-2025-6965", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", - "severity": "High", + "severity": "Low", "urls": [], - "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.7, - "exploitabilityScore": 1.8, - "impactScore": 5.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:3.34.1-9.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:3.34.1-9.el9_7", - "date": "2025-11-12", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:20936", - "link": "https://access.redhat.com/errata/RHSA-2025:20936" - } - ], - "risk": 0.054720000000000005 + "advisories": [], + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6965", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ - "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", - "http://seclists.org/fulldisclosure/2025/Sep/49", - "http://seclists.org/fulldisclosure/2025/Sep/53", - "http://seclists.org/fulldisclosure/2025/Sep/56", - "http://seclists.org/fulldisclosure/2025/Sep/57", - "http://seclists.org/fulldisclosure/2025/Sep/58", - "http://www.openwall.com/lists/oss-security/2025/09/06/1" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 9.8, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve-coordination@google.com", + "source": "cve@mitre.org", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.2 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-6965", - "epss": 0.00072, - "percentile": 0.21962, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6965", - "cwe": "CWE-197", - "source": "cve-coordination@google.com", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3050,24 +3016,21 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6965", - "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:3.34.1-9.el9_7" + "vulnerabilityID": "CVE-2025-27113", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -3081,25 +3044,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3109,39 +3061,51 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -3149,58 +3113,95 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3215,21 +3216,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-1632", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -3243,114 +3244,132 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6965", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 7.7, + "exploitabilityScore": 1.8, + "impactScore": 5.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:3.34.1-9.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:3.34.1-9.el9_7", + "date": "2025-11-12", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.047355 + "advisories": [ + { + "id": "RHSA-2025:20936", + "link": "https://access.redhat.com/errata/RHSA-2025:20936" + } + ], + "risk": 0.054720000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-6965", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8", + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 9.8, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve-coordination@google.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "metrics": { + "baseScore": 7.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-6965", + "epss": 0.00072, + "percentile": 0.21792, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6965", + "cwe": "CWE-197", + "source": "cve-coordination@google.com", "type": "Secondary" } ] @@ -3366,21 +3385,24 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-6965", + "versionConstraint": "< 0:3.34.1-9.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:3.34.1-9.el9_7" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -3394,48 +3416,45 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.5, "exploitabilityScore": 1.9, @@ -3446,73 +3465,273 @@ ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-60753", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.037275 + "risk": 0.04305 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "type": "exact-direct-match", + "matcher": "rpm-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "redhat", + "version": "9.6" + }, "package": { - "name": "fluent-bit", - "version": "25.11.2" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [], + "licenses": [ + "LGPLv2+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } } }, { @@ -3539,9 +3758,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3571,7 +3790,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3605,9 +3824,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3700,9 +3919,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3732,7 +3951,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.03782 }, "relatedVulnerabilities": [ { @@ -3766,9 +3985,9 @@ "epss": [ { "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ @@ -3850,20 +4069,23 @@ }, { "vulnerability": { - "id": "CVE-2023-45322", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3871,208 +4093,176 @@ ], "epss": [ { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.03382000000000001 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-45322", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.11.2" + } }, "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", - "type": "rpm", + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "MIT" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.032785 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4087,21 +4277,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4115,104 +4308,122 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.034265000000000004 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -4227,21 +4438,24 @@ "version": "9.6" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -4255,40 +4469,40 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [ { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-45322", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "cvss": [ { "type": "Secondary", @@ -4304,17 +4518,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4323,28 +4537,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.03382000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2023-45322", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-45322", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4352,17 +4568,17 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", - "source": "secalert@redhat.com", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4384,7 +4600,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } @@ -4423,105 +4639,87 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -4536,24 +4734,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-1484", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4567,29 +4762,29 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", @@ -4605,91 +4800,73 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4697,24 +4874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0990", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -4728,48 +4902,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4777,65 +4940,47 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4843,17 +4988,17 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4869,24 +5014,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -4900,37 +5042,37 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4938,16 +5080,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4971,24 +5113,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -5004,16 +5158,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5022,7 +5176,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5031,12 +5185,12 @@ }, "package": { "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5045,8 +5199,8 @@ } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", + "id": "7dc75dc862d10c78", + "name": "openssl", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5064,22 +5218,11 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5089,12 +5232,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", @@ -5110,47 +5253,77 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.031049999999999994 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5158,17 +5331,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -5176,7 +5349,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5184,21 +5357,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69421", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5212,37 +5388,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5250,16 +5437,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5283,32 +5470,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5316,16 +5502,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5348,7 +5534,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5390,20 +5576,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5411,16 +5597,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5444,32 +5630,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.028025 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5477,16 +5662,16 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5509,7 +5694,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -5562,115 +5747,20 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.11.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "b08e28436378359a", - "name": "fluent-bit", - "version": "25.11.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.11.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5678,18 +5768,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -5697,49 +5787,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5754,21 +5853,21 @@ "version": "9.6" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4fbfd80d85bb460e", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -5782,37 +5881,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5820,81 +5919,75 @@ ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5903,7 +5996,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5912,22 +6005,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -5945,11 +6035,22 @@ "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -5959,85 +6060,305 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.027825000000000003 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "25.11.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "b08e28436378359a", + "name": "fluent-bit", + "version": "25.11.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:1905aba2a3f42f00fcdb212dcd1a70c4be7adf456177ee0915bcd13c695f7913", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.11.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@25.11.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "state": "fixed", - "available": [ + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] - }, - "advisories": [ + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6045,25 +6366,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6071,24 +6392,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "4fbfd80d85bb460e", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -6102,28 +6420,17 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.6&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -6153,8 +6460,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6196,8 +6503,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6291,8 +6598,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -6334,8 +6641,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6429,8 +6736,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6449,7 +6756,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6491,8 +6798,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6586,8 +6893,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6606,7 +6913,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6648,8 +6955,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6754,8 +7061,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6774,7 +7081,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6816,8 +7123,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6926,243 +7233,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-168.el9_6.23" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7170,21 +7319,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -7198,14 +7350,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7237,9 +7404,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7269,7 +7436,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7302,9 +7469,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7397,9 +7564,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7429,7 +7596,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -7462,9 +7629,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7569,8 +7736,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7630,8 +7797,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7714,186 +7881,28 @@ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.02125 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-27943", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "gcc", - "version": "11.5.0-5.el9_5" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "54d8bbcf6652ae80", - "name": "libstdc++", - "version": "11.5.0-5.el9_5", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-5.el9_5" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7902,46 +7911,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.02125 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-27943", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-27943", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7949,7 +7971,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7957,21 +7979,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gcc", + "version": "11.5.0-5.el9_5" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "54d8bbcf6652ae80", + "name": "libstdc++", + "version": "11.5.0-5.el9_5", "type": "rpm", "locations": [ { @@ -7985,14 +8007,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-5.el9_5:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-5.el9_5?arch=x86_64&distro=rhel-9.6&upstream=gcc-11.5.0-5.el9_5.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-5.el9_5" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8002,39 +8029,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8042,61 +8069,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8111,21 +8124,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8142,10 +8155,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8156,12 +8169,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -8177,17 +8190,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -8196,46 +8209,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8243,7 +8256,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8251,21 +8264,21 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -8277,16 +8290,27 @@ } } ], - "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.6&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } + ], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8296,20 +8320,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8317,18 +8341,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8336,28 +8360,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8365,18 +8390,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8391,21 +8416,21 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -8419,13 +8444,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8459,8 +8484,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8524,8 +8549,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8630,8 +8655,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8695,8 +8720,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8801,8 +8826,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8878,8 +8903,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8961,44 +8986,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9007,52 +9026,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9074,7 +9101,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } @@ -9113,120 +9140,86 @@ }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.6, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.4 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cwes": [ + { + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9242,24 +9235,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-7039", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -9273,137 +9263,117 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 2.3, - "impactScore": 3.4 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-4.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-4.el9_7", - "date": "2025-11-14", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2025:21255", - "link": "https://access.redhat.com/errata/RHSA-2025:21255" - } - ], - "risk": 0.01643 + "advisories": [], + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9230", + "cve": "CVE-2025-5918", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9411,7 +9381,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9419,24 +9389,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-4.el9_7" + "vulnerabilityID": "CVE-2025-5918", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9450,115 +9417,149 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "High", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.3.3-5.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.3.3-5.el9_7", + "date": "2026-01-16", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.014739999999999998 + "advisories": [ + { + "id": "RHSA-2026:0719", + "link": "https://access.redhat.com/errata/RHSA-2026:0719" + } + ], + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-68973", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", + "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", + "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", + "https://gpg.fail/memcpy", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46403200", + "https://www.openwall.com/lists/oss-security/2025/12/28/5", + "http://www.openwall.com/lists/oss-security/2025/12/29/11", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 7, + "exploitabilityScore": 1.1, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 7.8, + "exploitabilityScore": 1.5, + "impactScore": 5.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-68973", + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", + "cve": "CVE-2025-68973", + "cwe": "CWE-675", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-68973", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9573,21 +9574,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68973", + "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.3.3-5.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -9601,13 +9605,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9641,8 +9645,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9695,8 +9699,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,12 +9779,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -9796,16 +9800,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9819,242 +9823,57 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", - "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.6" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-5918", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-68973", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68973", - "namespace": "redhat:distro:redhat:9", - "severity": "High", - "urls": [], - "description": "A flaw was found in GnuPG. An attacker can provide crafted input to the `armor_filter` function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", - "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "0:2.3.3-5.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.3.3-5.el9_7", - "date": "2026-01-16", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:0719", - "link": "https://access.redhat.com/errata/RHSA-2026:0719" - } - ], - "risk": 0.012240000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68973", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68973", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306", - "https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9", - "https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51", - "https://gpg.fail/memcpy", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46403200", - "https://www.openwall.com/lists/oss-security/2025/12/28/5", - "http://www.openwall.com/lists/oss-security/2025/12/29/11", - "https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html" - ], - "description": "In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 7, - "exploitabilityScore": 1.1, - "impactScore": 5.9 + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 7.8, - "exploitabilityScore": 1.5, - "impactScore": 5.8 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68973", - "cwe": "CWE-675", - "source": "cve@mitre.org", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2025-68973", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10069,24 +9888,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68973", - "versionConstraint": "< 0:2.3.3-5.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.3.3-5.el9_7" + "vulnerabilityID": "CVE-2025-5916", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10100,13 +9916,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10117,20 +9933,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -10138,17 +9954,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10157,51 +9973,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10217,21 +10042,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10245,55 +10070,61 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10302,51 +10133,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10354,7 +10187,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10362,21 +10195,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "f8bdc202e20abd5b", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10385,132 +10218,142 @@ "accessPath": "/var/lib/rpm/rpmdb.sqlite", "annotations": { "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + } } ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0118 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2025-9230", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10526,21 +10369,24 @@ "version": "9.6" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "f8bdc202e20abd5b", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10554,117 +10400,137 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.6&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9230", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 5.6, + "exploitabilityScore": 2.3, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-4.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-4.el9_7", + "date": "2025-11-14", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.01173 + "advisories": [ + { + "id": "RHSA-2025:21255", + "link": "https://access.redhat.com/errata/RHSA-2025:21255" + } + ], + "risk": 0.011660000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10672,7 +10538,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10680,21 +10546,24 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 1:3.5.1-4.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-4.el9_7" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -10708,56 +10577,73 @@ ], "language": "", "licenses": [ - "BSD" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -10765,31 +10651,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 }, "vendorMetadata": {} }, @@ -10797,29 +10681,35 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", + "cve": "CVE-2023-4156", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -10834,21 +10724,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -10862,13 +10752,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10879,45 +10769,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -10925,65 +10809,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -10998,21 +10864,21 @@ "version": "9.6" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -11026,13 +10892,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.6&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11066,8 +10932,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11086,7 +10952,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11128,8 +10994,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11223,8 +11089,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11243,7 +11109,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11285,8 +11151,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11391,8 +11257,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11411,7 +11277,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11453,8 +11319,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11563,8 +11429,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11583,7 +11449,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11625,8 +11491,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11712,20 +11578,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11733,47 +11599,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11781,18 +11665,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11807,21 +11691,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11835,116 +11722,121 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11952,7 +11844,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11960,21 +11852,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -11988,137 +11883,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12126,21 +12034,24 @@ "version": "9.6" }, "package": { - "name": "sqlite", - "version": "3.34.1-8.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "589dcf3821f954e5", - "name": "sqlite-libs", - "version": "3.34.1-8.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12154,122 +12065,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-8.el9_6" - } + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12277,21 +12205,24 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12305,92 +12236,98 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ - { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + { + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -12398,34 +12335,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -12441,21 +12372,21 @@ "version": "9.6" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "5fe8b53173092253", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12469,13 +12400,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12486,20 +12417,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12507,18 +12438,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12526,47 +12457,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12581,21 +12517,21 @@ "version": "9.6" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-12.el9_6" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "66b25e26e34fcd34", - "name": "libxml2", - "version": "2.9.13-12.el9_6", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -12609,103 +12545,90 @@ ], "language": "", "licenses": [ - "MIT" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12713,16 +12636,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12731,7 +12654,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12740,22 +12663,19 @@ }, "package": { "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", + "id": "58e683943e8aac02", + "name": "openssl-libs", "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ @@ -12772,12 +12692,23 @@ "licenses": [ "ASL 2.0" ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12787,20 +12718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12808,60 +12739,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12870,22 +12791,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12900,24 +12839,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "589dcf3821f954e5", + "name": "sqlite-libs", + "version": "3.34.1-8.el9_6", "type": "rpm", "locations": [ { @@ -12931,142 +12867,127 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-8.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-8.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-8.el9_6?arch=x86_64&distro=rhel-9.6&upstream=sqlite-3.34.1-8.el9_6.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "sqlite", + "version": "3.34.1-8.el9_6" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, + ], + "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -13082,24 +13003,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13113,139 +13031,111 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13253,24 +13143,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "libxml2", + "version": "0:2.9.13-12.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "66b25e26e34fcd34", + "name": "libxml2", + "version": "2.9.13-12.el9_6", "type": "rpm", "locations": [ { @@ -13284,141 +13171,126 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-12.el9_6:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-12.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libxml2-2.9.13-12.el9_6.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -13435,21 +13307,21 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "5fe8b53173092253", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -13463,13 +13335,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.6&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13480,20 +13352,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13501,18 +13373,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13520,41 +13392,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13562,18 +13421,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13594,7 +13453,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13655,9 +13514,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13687,7 +13546,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13721,9 +13580,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13816,9 +13675,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13848,7 +13707,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13882,9 +13741,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13938,28 +13797,196 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "ASL 2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" + ], + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.6" + }, + "package": { + "name": "gnupg2", + "version": "0:2.3.3-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13989,8 +14016,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14048,7 +14075,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -14073,8 +14104,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -14168,8 +14199,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14242,8 +14273,8 @@ { "cve": "CVE-2025-9714", "epss": 0.00009, - "percentile": 0.00734, - "date": "2026-02-23" + "percentile": 0.00768, + "date": "2026-03-09" } ], "cwes": [ @@ -14314,98 +14345,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -14421,21 +14455,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "216624bfdaca7e14", + "name": "glibc", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14449,13 +14486,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -14466,98 +14503,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034999999999999996 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14565,21 +14613,24 @@ "version": "9.6" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-6.el9_6.2" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "b35df4783bb92a7c", - "name": "gnutls", - "version": "3.8.3-6.el9_6.2", + "id": "9f015ce51733d815", + "name": "glibc-common", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14593,14 +14644,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-168.el9_6.23" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14610,88 +14672,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14706,21 +14782,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "707ec843794b77ca", - "name": "curl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "a41b19fb052f88ad", + "name": "glibc-langpack-en", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14734,23 +14813,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14762,88 +14845,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14858,21 +14955,24 @@ "version": "9.6" }, "package": { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "220f5f360bc1aff5", - "name": "libcurl-minimal", - "version": "7.76.1-31.el9_6.1", + "id": "69aa0e41aa927cd6", + "name": "glibc-minimal-langpack", + "version": "2.34-168.el9_6.23", "type": "rpm", "locations": [ { @@ -14886,23 +14986,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-31.el9_6.1" + "name": "glibc", + "version": "2.34-168.el9_6.23" } ], "metadataType": "RpmMetadata", @@ -14914,107 +15018,98 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.1, + "baseScore": 5.5, "exploitabilityScore": 1.9, - "impactScore": 4.3 + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15022,7 +15117,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15030,24 +15125,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2026-24883", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "09371eedc2b9d95d", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15061,19 +15153,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15083,106 +15170,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -15191,7 +15262,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15199,24 +15270,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-6.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "b35df4783bb92a7c", + "name": "gnutls", + "version": "3.8.3-6.el9_6.2", "type": "rpm", "locations": [ { @@ -15230,19 +15298,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-6.el9_6.2:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-6.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=gnutls-3.8.3-6.el9_6.2.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15252,108 +15315,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15368,24 +15411,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", - "version": "2.37.4-21.el9", + "id": "707ec843794b77ca", + "name": "curl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15399,17 +15439,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15421,108 +15467,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -15537,24 +15563,21 @@ "version": "9.6" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", - "version": "2.37.4-21.el9", + "id": "220f5f360bc1aff5", + "name": "libcurl-minimal", + "version": "7.76.1-31.el9_6.1", "type": "rpm", "locations": [ { @@ -15568,17 +15591,23 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-31.el9_6.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-31.el9_6.1?arch=x86_64&distro=rhel-9.6&upstream=curl-7.76.1-31.el9_6.1.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-31.el9_6.1" } ], "metadataType": "RpmMetadata", @@ -15590,101 +15619,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + { + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15692,7 +15728,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15700,24 +15736,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "0:2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "216624bfdaca7e14", - "name": "glibc", - "version": "2.34-168.el9_6.23", + "id": "09371eedc2b9d95d", + "name": "libblkid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15731,14 +15767,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15748,101 +15789,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15858,24 +15906,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "9f015ce51733d815", - "name": "glibc-common", - "version": "2.34-168.el9_6.23", + "id": "403e3b854fc89f1e", + "name": "libmount", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15889,23 +15937,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15917,101 +15959,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16027,24 +16076,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "a41b19fb052f88ad", - "name": "glibc-langpack-en", - "version": "2.34-168.el9_6.23", + "id": "7069d90382d7c593", + "name": "libsmartcols", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16058,27 +16107,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:glibc-langpack-en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack-en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack_en:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_langpack:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-langpack-en:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_langpack_en:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-langpack-en@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16090,101 +16129,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16200,24 +16246,24 @@ "version": "9.6" }, "package": { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "69aa0e41aa927cd6", - "name": "glibc-minimal-langpack", - "version": "2.34-168.el9_6.23", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16231,27 +16277,17 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-168.el9_6.23:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-168.el9_6.23?arch=x86_64&distro=rhel-9.6&upstream=glibc-2.34-168.el9_6.23.src.rpm", + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.6&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-168.el9_6.23" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16285,9 +16321,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16317,7 +16353,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16348,9 +16384,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16443,9 +16479,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16475,7 +16511,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16506,9 +16542,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16590,20 +16626,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16611,18 +16647,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16630,43 +16666,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16674,18 +16695,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16700,21 +16721,21 @@ "version": "9.6" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-16.el9_6.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "35f4edf399bccea5", + "name": "glib2", + "version": "2.68.4-16.el9_6.2", "type": "rpm", "locations": [ { @@ -16728,13 +16749,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16745,104 +16766,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16858,24 +16874,21 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7dc75dc862d10c78", - "name": "openssl", - "version": "1:3.2.2-6.el9_5.1", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16889,121 +16902,118 @@ ], "language": "", "licenses": [ - "ASL 2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -17011,7 +17021,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17019,158 +17029,149 @@ "version": "9.6" }, "package": { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "58e683943e8aac02", - "name": "openssl-libs", - "version": "1:3.2.2-6.el9_5.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "ASL 2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.2.2-6.el9_5.1" + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:ed669223edf4757e6a2b20405401e31a33f922ef936c50fba7d8971d4ddc7c38", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } } ], + "language": "", + "licenses": [ + "zlib and Boost" + ], + "cpes": [ + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.6&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17186,21 +17187,24 @@ "version": "9.6" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "7dc75dc862d10c78", + "name": "openssl", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17214,111 +17218,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.6&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00145 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4, + "exploitabilityScore": 1.5, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17326,21 +17348,24 @@ "version": "9.6" }, "package": { - "name": "glib2", - "version": "0:2.68.4-16.el9_6.2" + "name": "openssl", + "version": "3.2.2-6.el9_5.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "35f4edf399bccea5", - "name": "glib2", - "version": "2.68.4-16.el9_6.2", + "id": "58e683943e8aac02", + "name": "openssl-libs", + "version": "1:3.2.2-6.el9_5.1", "type": "rpm", "locations": [ { @@ -17354,17 +17379,28 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "ASL 2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-16.el9_6.2:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.2.2-6.el9_5.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.2.2-6.el9_5.1?arch=x86_64&distro=rhel-9.6&epoch=1&upstream=openssl-3.2.2-6.el9_5.1.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.2.2-6.el9_5.1" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-16.el9_6.2?arch=x86_64&distro=rhel-9.6&upstream=glib2-2.68.4-16.el9_6.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } @@ -17790,7 +17826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17969,107 +18005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.11.2.md b/docs/security/agent/grype-25.11.2.md index 0516ace..2851c30 100644 --- a/docs/security/agent/grype-25.11.2.md +++ b/docs/security/agent/grype-25.11.2.md @@ -10,31 +10,31 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2025-6965](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.11.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.11.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | systemd-libs | 252-51.el9_6.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | Medium | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-9714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9714) | Medium | | curl-minimal | 7.76.1-31.el9_6.1 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-10.20210508.el9_6.2 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -85,35 +84,36 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-5.el9_5 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-16.el9_6.2 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-8.el9_6 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-12.el9_6 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-12.el9_6 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | glibc | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-langpack-en | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-168.el9_6.23 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-6.el9_6.2 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.2.2-6.el9_5.1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | -| glib2 | 2.68.4-16.el9_6.2 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.1.json b/docs/security/agent/grype-25.12.1.json index 42f54a6..9ea2b96 100644 --- a/docs/security/agent/grype-25.12.1.json +++ b/docs/security/agent/grype-25.12.1.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3552,161 +4199,21 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openwall.com/lists/oss-security/2023/10/06/5", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" - ], - "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-45322", - "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-45322", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-45322", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "http://www.openwall.com/lists/oss-security/2023/10/06/5", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/583", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is \"I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3714,16 +4221,16 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2023-45322", + "epss": 0.00076, + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", + "cve": "CVE-2023-45322", + "cwe": "CWE-416", "source": "nvd@nist.gov", "type": "Primary" } @@ -3740,21 +4247,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2023-45322", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3768,13 +4275,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3785,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3825,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3872,7 +4379,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3880,21 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3908,25 +4415,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3959,8 +4455,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4007,8 +4503,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -4076,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,83 +4593,65 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.031150000000000004 + "advisories": [], + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.5, + "exploitabilityScore": 2.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -4189,24 +4667,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-14512", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4220,37 +4695,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4342,7 +4829,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4351,12 +4838,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4365,8 +4852,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4384,22 +4871,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4409,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4430,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,24 +4939,36 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -4496,16 +4984,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4514,7 +5002,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4523,12 +5011,12 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4537,8 +5025,8 @@ } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4556,11 +5044,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4570,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4675,7 +5173,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4684,12 +5182,12 @@ }, "package": { "name": "openssl", - "version": "3.5.1-4.el9_7" + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4698,8 +5196,8 @@ } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", + "id": "25e16a00909d33d5", + "name": "openssl", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -4717,22 +5215,11 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -4742,20 +5229,20 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4763,47 +5250,64 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.031049999999999994 + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4811,17 +5315,17 @@ ], "epss": [ { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -4829,7 +5333,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4837,21 +5341,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-66199", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -4865,37 +5372,48 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4903,82 +5421,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5241,8 +5739,8 @@ { "cve": "CVE-2025-29477", "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ @@ -5310,38 +5808,38 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -5350,48 +5848,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -5407,21 +5903,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2026-0988", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5435,13 +5931,13 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5452,172 +5948,12 @@ }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" - } - } - ], - "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": 1, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,8 +6714,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6419,231 +6726,73 @@ "type": "Secondary" } ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0234 + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6651,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6679,14 +6831,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6718,9 +6885,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6750,7 +6917,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6783,9 +6950,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6878,9 +7045,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6910,7 +7077,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6943,9 +7110,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,8 +7217,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7111,8 +7278,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7208,8 +7375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7238,191 +7405,46 @@ "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" - ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7430,7 +7452,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7438,21 +7460,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7466,14 +7488,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7483,39 +7510,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7523,61 +7550,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7592,21 +7605,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7623,10 +7636,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7637,12 +7650,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7658,17 +7671,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7677,46 +7690,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7724,7 +7737,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7732,21 +7745,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7760,14 +7773,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7777,20 +7801,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7798,18 +7822,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7817,28 +7841,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7846,18 +7871,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7872,21 +7897,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7900,13 +7925,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7940,8 +7965,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8005,8 +8030,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8111,8 +8136,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8176,8 +8201,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8282,8 +8307,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8359,8 +8384,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8454,8 +8479,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8531,8 +8556,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8637,8 +8662,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8714,8 +8739,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8820,8 +8845,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8897,8 +8922,8 @@ { "cve": "CVE-2025-4598", "epss": 0.00037, - "percentile": 0.10988, - "date": "2026-02-23" + "percentile": 0.10702, + "date": "2026-03-09" } ], "cwes": [ @@ -8984,44 +9009,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9030,191 +9049,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9231,21 +9118,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9259,13 +9146,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9276,37 +9163,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9316,51 +9203,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9369,7 +9250,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -9377,21 +9258,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -9405,25 +9286,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -9455,9 +9325,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9473,7 +9343,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -9517,9 +9387,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -9609,9 +9479,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9647,7 +9517,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -9696,9 +9566,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9760,198 +9630,53 @@ "licenses": [ "GPLv3+" ], - "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011895 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9960,51 +9685,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10020,21 +9746,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -10048,72 +9774,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -10122,53 +9842,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -10184,21 +9911,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -10212,13 +9939,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10229,37 +9956,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -10269,31 +9996,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -10301,27 +10028,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -10344,7 +10071,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -10383,38 +10110,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -10423,60 +10156,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -10492,21 +10218,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -10520,13 +10246,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -10560,8 +10286,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -10626,8 +10352,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -10699,6 +10425,146 @@ } } }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2026-0915", @@ -10724,8 +10590,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10744,7 +10610,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10786,8 +10652,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10881,8 +10747,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10901,7 +10767,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10943,8 +10809,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11049,8 +10915,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11069,7 +10935,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -11111,8 +10977,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -11198,20 +11064,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11219,47 +11085,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008960000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11267,18 +11151,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11293,21 +11177,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11321,116 +11208,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -11438,7 +11330,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11446,21 +11338,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11474,137 +11369,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11612,21 +11520,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11640,122 +11551,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11763,21 +11691,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11791,92 +11722,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11884,34 +11821,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11927,21 +11858,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11955,13 +11886,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11972,20 +11903,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11993,18 +11924,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -12012,47 +11943,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -12067,21 +12003,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -12095,103 +12031,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12199,16 +12122,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -12217,7 +12140,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12226,22 +12149,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -12259,11 +12179,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -12273,20 +12204,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -12294,60 +12225,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -12356,22 +12277,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -12386,24 +12325,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -12417,142 +12353,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -12568,24 +12489,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12599,139 +12517,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12739,24 +12629,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12770,141 +12657,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12921,21 +12793,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12949,13 +12821,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12966,20 +12838,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12987,18 +12859,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -13006,41 +12878,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -13048,18 +12907,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -13080,7 +12939,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -13141,9 +13000,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13173,7 +13032,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -13207,9 +13066,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13302,9 +13161,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -13330,54 +13189,236 @@ }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:07199ce67b312abed6bc1e4846c6365a46a7d9e0845580a5cdeddd347876535e", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], - "risk": 0.00539 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -13385,7 +13426,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13393,24 +13434,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13424,28 +13462,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -13475,8 +13502,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13534,7 +13561,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -13559,8 +13590,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -13654,8 +13685,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -13714,8 +13745,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -13783,98 +13814,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13890,21 +13924,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13918,13 +13955,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13935,98 +13972,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0034999999999999996 + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14034,21 +14082,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -14062,14 +14113,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14079,88 +14141,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -14175,21 +14251,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -14203,23 +14282,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -14231,39 +14314,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.8, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -14271,55 +14354,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0034299999999999995 + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14327,21 +14421,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -14355,25 +14449,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14383,106 +14466,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -14491,7 +14558,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14499,24 +14566,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -14530,19 +14594,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14552,108 +14611,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14668,24 +14707,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14699,17 +14735,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14721,108 +14763,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14837,24 +14859,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14868,17 +14887,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14913,8 +14938,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14960,6 +14985,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14982,8 +15008,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15021,8 +15047,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -15040,10 +15066,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -15082,8 +15108,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15129,6 +15155,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -15151,8 +15178,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15190,8 +15217,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -15206,13 +15233,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -15251,8 +15278,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15298,6 +15325,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -15320,8 +15348,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15336,7 +15364,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15345,7 +15373,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -15359,8 +15387,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -15375,20 +15403,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15421,8 +15448,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15468,6 +15495,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -15490,8 +15518,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -15529,8 +15557,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -15545,23 +15573,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -15576,102 +15594,109 @@ } }, { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15679,7 +15704,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15687,24 +15712,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15718,14 +15743,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15735,101 +15765,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15837,7 +15874,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15845,24 +15882,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15876,25 +15913,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15904,101 +15936,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + { + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -16014,24 +16053,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -16045,27 +16084,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -16099,9 +16138,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16131,7 +16170,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16162,9 +16201,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16257,9 +16296,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16289,7 +16328,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -16320,9 +16359,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -16404,20 +16443,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16425,18 +16464,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -16444,43 +16483,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16488,18 +16512,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -16514,21 +16538,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -16542,13 +16566,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -16559,104 +16583,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16672,24 +16691,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -16703,121 +16719,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16825,7 +16838,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16833,24 +16846,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { @@ -16864,127 +16874,121 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "zlib and Boost" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" - ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -17000,21 +17004,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -17028,122 +17035,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-24515", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.001475 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24515", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/pull/1131" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -17151,21 +17165,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24515", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -17179,37 +17196,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -17217,17 +17245,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -17236,28 +17264,39 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00145 + "risk": 0.001475 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -17265,17 +17304,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -17291,21 +17330,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -17319,13 +17358,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -17756,7 +17795,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17935,107 +17974,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.12.1.md b/docs/security/agent/grype-25.12.1.md index aa459b2..5c147bf 100644 --- a/docs/security/agent/grype-25.12.1.md +++ b/docs/security/agent/grype-25.12.1.md @@ -9,14 +9,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.12.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | @@ -24,16 +25,15 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | systemd-libs | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-pam | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | | systemd-rpm-macros | 252-55.el9_7.2 | [CVE-2025-4598](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4598) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -58,23 +58,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -84,36 +83,37 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.2.json b/docs/security/agent/grype-25.12.2.json index df204b0..e7fc31d 100644 --- a/docs/security/agent/grype-25.12.2.json +++ b/docs/security/agent/grype-25.12.2.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,21 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3768,13 +4415,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3785,38 +4432,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3825,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3854,17 +4501,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3872,7 +4519,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3880,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3908,25 +4555,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3936,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3957,18 +4593,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3976,28 +4612,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4005,18 +4641,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4031,21 +4667,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4059,13 +4695,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4076,20 +4712,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4130,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4195,7 +4843,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4237,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4939,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4356,7 +5016,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4409,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4430,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4496,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4528,7 +5187,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4570,12 +5229,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5250,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5283,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5315,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4689,7 +5347,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4742,243 +5400,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.031049999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5229,327 +5727,168 @@ "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "2c6970bb425bdccc", - "name": "fluent-bit", - "version": "25.12.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.2" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "2c6970bb425bdccc", + "name": "fluent-bit", + "version": "25.12.2", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7cb227ba12495ac966088efecba1458a6d3e518d70dfd6f072045a9d8c5d7591", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.12.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.2", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,243 +6714,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6651,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6679,14 +6831,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6718,9 +6885,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6750,7 +6917,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6783,9 +6950,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6878,9 +7045,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6910,7 +7077,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6943,9 +7110,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,8 +7217,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7111,8 +7278,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7208,8 +7375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7235,194 +7402,49 @@ "severity": "Medium", "urls": [ "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7430,7 +7452,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7438,21 +7460,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7466,14 +7488,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7483,39 +7510,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7523,61 +7550,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7592,21 +7605,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7623,10 +7636,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7637,12 +7650,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7658,17 +7671,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7677,46 +7690,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7724,7 +7737,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7732,21 +7745,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7760,14 +7773,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7777,20 +7801,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7798,18 +7822,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7817,28 +7841,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7846,18 +7871,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7872,21 +7897,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7900,13 +7925,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7940,8 +7965,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8005,8 +8030,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8111,8 +8136,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8176,8 +8201,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8259,44 +8284,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8305,191 +8324,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8506,21 +8393,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8534,13 +8421,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8551,37 +8438,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8591,51 +8478,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8644,7 +8525,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8652,21 +8533,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8680,25 +8561,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8730,9 +8600,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8748,7 +8618,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8792,9 +8662,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8884,9 +8754,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -8922,7 +8792,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -8971,9 +8841,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9035,198 +8905,53 @@ "licenses": [ "GPLv3+" ], - "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011895 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9235,51 +8960,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9295,21 +9021,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9323,72 +9049,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9397,53 +9117,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,21 +9186,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9487,13 +9214,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9504,37 +9231,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9544,31 +9271,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -9576,27 +9303,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9619,7 +9346,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -9658,38 +9385,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9698,60 +9431,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9767,21 +9493,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9795,13 +9521,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9835,8 +9561,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9901,8 +9627,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9974,6 +9700,146 @@ } } }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2026-0915", @@ -9999,8 +9865,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10019,7 +9885,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10061,8 +9927,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10156,8 +10022,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,7 +10042,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10218,8 +10084,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10324,8 +10190,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10344,7 +10210,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10386,8 +10252,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10473,20 +10339,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10494,47 +10360,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008960000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10542,18 +10426,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10568,21 +10452,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10596,116 +10483,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10713,7 +10605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10721,21 +10613,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10749,137 +10644,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10887,21 +10795,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10915,122 +10826,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11038,21 +10966,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11066,92 +10997,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11159,34 +11096,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11202,21 +11133,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11230,13 +11161,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11247,20 +11178,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11268,18 +11199,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11287,47 +11218,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11342,21 +11278,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11370,103 +11306,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11474,16 +11397,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11492,7 +11415,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11501,22 +11424,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11534,11 +11454,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11548,20 +11479,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11569,60 +11500,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11631,22 +11552,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11661,24 +11600,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11692,142 +11628,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11843,24 +11764,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11874,139 +11792,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12014,24 +11904,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12045,141 +11932,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12196,21 +12068,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12224,13 +12096,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12241,20 +12113,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12262,18 +12134,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12281,41 +12153,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12323,18 +12182,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12355,7 +12214,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12416,9 +12275,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12448,7 +12307,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12482,9 +12341,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12577,9 +12436,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12605,54 +12464,236 @@ }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:c26e32c0ff010e0f1b0d2c9ac7c2326bbde361e1c5298bd342fbf2889a495df7", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], - "risk": 0.00539 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12660,7 +12701,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12668,24 +12709,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12699,28 +12737,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -12750,8 +12777,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12809,7 +12836,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -12834,8 +12865,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12929,8 +12960,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -12989,8 +13020,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -13058,98 +13089,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13165,21 +13199,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13193,13 +13230,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13210,98 +13247,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0034999999999999996 + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13309,21 +13357,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13337,14 +13388,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13354,88 +13416,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13450,21 +13526,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13478,23 +13557,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13506,39 +13589,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.8, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -13546,55 +13629,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0034299999999999995 + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13602,21 +13696,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13630,25 +13724,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13658,106 +13741,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13766,7 +13833,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13774,24 +13841,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13805,19 +13869,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13827,108 +13886,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -13943,24 +13982,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -13974,17 +14010,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -13996,108 +14038,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14112,24 +14134,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14143,17 +14162,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14188,8 +14213,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14235,6 +14260,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14257,8 +14283,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14296,8 +14322,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14315,10 +14341,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14357,8 +14383,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14404,6 +14430,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14426,8 +14453,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14465,8 +14492,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14481,13 +14508,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14526,8 +14553,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14573,6 +14600,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14595,8 +14623,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14611,7 +14639,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14620,7 +14648,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -14634,8 +14662,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14650,20 +14678,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14696,8 +14723,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14743,6 +14770,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14765,8 +14793,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14804,8 +14832,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14820,23 +14848,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14851,102 +14869,109 @@ } }, { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14954,7 +14979,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14962,24 +14987,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14993,14 +15018,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15010,101 +15040,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15112,7 +15149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15120,24 +15157,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15151,25 +15188,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15179,101 +15211,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + { + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15289,24 +15328,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15320,27 +15359,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15374,9 +15413,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15406,7 +15445,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15437,9 +15476,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15532,9 +15571,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15564,7 +15603,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15595,9 +15634,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15679,20 +15718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15700,18 +15739,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15719,43 +15758,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15763,18 +15787,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15789,21 +15813,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15817,13 +15841,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15834,104 +15858,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,24 +15966,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15978,121 +15994,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16100,7 +16113,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16108,24 +16121,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { @@ -16139,127 +16149,121 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "zlib and Boost" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" - ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16275,21 +16279,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16303,122 +16310,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-24515", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.001475 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24515", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/pull/1131" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16426,21 +16440,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24515", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16454,37 +16471,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16492,17 +16520,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -16511,28 +16539,39 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00145 + "risk": 0.001475 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16540,17 +16579,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -16566,21 +16605,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -16594,13 +16633,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -17031,7 +17070,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17210,107 +17249,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.12.2.md b/docs/security/agent/grype-25.12.2.md index 868cfe2..de3e016 100644 --- a/docs/security/agent/grype-25.12.2.md +++ b/docs/security/agent/grype-25.12.2.md @@ -9,27 +9,27 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.12.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -54,23 +54,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -80,36 +79,37 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.3.json b/docs/security/agent/grype-25.12.3.json index b3206e7..10dbfe6 100644 --- a/docs/security/agent/grype-25.12.3.json +++ b/docs/security/agent/grype-25.12.3.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,21 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3768,13 +4415,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3785,38 +4432,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3825,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3854,17 +4501,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3872,7 +4519,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3880,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3908,25 +4555,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3936,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3957,18 +4593,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3976,28 +4612,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4005,18 +4641,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4031,21 +4667,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4059,13 +4695,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4076,20 +4712,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4130,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4195,7 +4843,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4237,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4939,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4356,7 +5016,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4409,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4430,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4496,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4528,7 +5187,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4570,12 +5229,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5250,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5283,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5315,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4689,7 +5347,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4742,243 +5400,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.031049999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5229,327 +5727,168 @@ "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.3" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c4aab225b8ee48d6", - "name": "fluent-bit", - "version": "25.12.3", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.3", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.3" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "c4aab225b8ee48d6", + "name": "fluent-bit", + "version": "25.12.3", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c13d34e55176de111789b88a6d5f53ae9a1fa69e741de5daeafb263ea6b475ca", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.12.3:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.3", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,243 +6714,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6651,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6679,14 +6831,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6718,9 +6885,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6750,7 +6917,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6783,9 +6950,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6878,9 +7045,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6910,7 +7077,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6943,9 +7110,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,8 +7217,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7111,8 +7278,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7208,8 +7375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7235,194 +7402,49 @@ "severity": "Medium", "urls": [ "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7430,7 +7452,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7438,21 +7460,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7466,14 +7488,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7483,39 +7510,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7523,61 +7550,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7592,21 +7605,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7623,10 +7636,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7637,12 +7650,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7658,17 +7671,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7677,46 +7690,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7724,7 +7737,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7732,21 +7745,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7760,14 +7773,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7777,20 +7801,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7798,18 +7822,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7817,28 +7841,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7846,18 +7871,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7872,21 +7897,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7900,13 +7925,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7940,8 +7965,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8005,8 +8030,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8111,8 +8136,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8176,8 +8201,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8259,44 +8284,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8305,191 +8324,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8506,21 +8393,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8534,13 +8421,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8551,37 +8438,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8591,51 +8478,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8644,7 +8525,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8652,21 +8533,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8680,25 +8561,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8730,9 +8600,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8748,7 +8618,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8792,9 +8662,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8884,9 +8754,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -8922,7 +8792,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -8971,9 +8841,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9035,198 +8905,53 @@ "licenses": [ "GPLv3+" ], - "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011895 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9235,51 +8960,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9295,21 +9021,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9323,72 +9049,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9397,53 +9117,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,21 +9186,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9487,13 +9214,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9504,37 +9231,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9544,31 +9271,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -9576,27 +9303,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9619,7 +9346,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -9658,38 +9385,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9698,60 +9431,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9767,21 +9493,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9795,13 +9521,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9835,8 +9561,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9901,8 +9627,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9974,6 +9700,146 @@ } } }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2026-0915", @@ -9999,8 +9865,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10019,7 +9885,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10061,8 +9927,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10156,8 +10022,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,7 +10042,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10218,8 +10084,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10324,8 +10190,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10344,7 +10210,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10386,8 +10252,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10473,20 +10339,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10494,47 +10360,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008960000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10542,18 +10426,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10568,21 +10452,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10596,116 +10483,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10713,7 +10605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10721,21 +10613,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10749,137 +10644,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10887,21 +10795,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10915,122 +10826,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11038,21 +10966,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11066,92 +10997,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11159,34 +11096,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11202,21 +11133,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11230,13 +11161,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11247,20 +11178,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11268,18 +11199,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11287,47 +11218,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11342,21 +11278,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11370,103 +11306,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11474,16 +11397,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11492,7 +11415,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11501,22 +11424,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11534,11 +11454,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11548,20 +11479,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11569,60 +11500,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11631,22 +11552,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11661,24 +11600,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11692,142 +11628,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11843,24 +11764,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11874,139 +11792,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12014,24 +11904,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12045,141 +11932,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12196,21 +12068,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12224,13 +12096,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12241,20 +12113,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12262,18 +12134,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12281,41 +12153,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12323,18 +12182,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12355,7 +12214,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12416,9 +12275,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12448,7 +12307,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12482,9 +12341,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12577,9 +12436,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12605,54 +12464,236 @@ }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:771008481a6efa7a4d1936ad1afbca78a04f051b6e1cab77ef42394b57afb85c", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], - "risk": 0.00539 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12660,7 +12701,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12668,24 +12709,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12699,28 +12737,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -12750,8 +12777,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12809,7 +12836,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -12834,8 +12865,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12929,8 +12960,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -12989,8 +13020,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -13058,98 +13089,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13165,21 +13199,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13193,13 +13230,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13210,98 +13247,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0034999999999999996 + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13309,21 +13357,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13337,14 +13388,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13354,88 +13416,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13450,21 +13526,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13478,23 +13557,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13506,39 +13589,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.8, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -13546,55 +13629,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0034299999999999995 + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13602,21 +13696,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13630,25 +13724,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13658,106 +13741,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13766,7 +13833,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13774,24 +13841,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13805,19 +13869,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13827,108 +13886,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -13943,24 +13982,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -13974,17 +14010,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -13996,108 +14038,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14112,24 +14134,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14143,17 +14162,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14188,8 +14213,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14235,6 +14260,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14257,8 +14283,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14296,8 +14322,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14315,10 +14341,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14357,8 +14383,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14404,6 +14430,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14426,8 +14453,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14465,8 +14492,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14481,13 +14508,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14526,8 +14553,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14573,6 +14600,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14595,8 +14623,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14611,7 +14639,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14620,7 +14648,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -14634,8 +14662,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14650,20 +14678,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14696,8 +14723,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14743,6 +14770,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14765,8 +14793,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14804,8 +14832,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14820,23 +14848,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14851,102 +14869,109 @@ } }, { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14954,7 +14979,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14962,24 +14987,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14993,14 +15018,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15010,101 +15040,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15112,7 +15149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15120,24 +15157,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15151,25 +15188,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15179,101 +15211,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + { + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15289,24 +15328,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15320,27 +15359,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15374,9 +15413,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15406,7 +15445,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15437,9 +15476,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15532,9 +15571,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15564,7 +15603,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15595,9 +15634,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15679,20 +15718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15700,18 +15739,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15719,43 +15758,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15763,18 +15787,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15789,21 +15813,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15817,13 +15841,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15834,104 +15858,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,24 +15966,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15978,121 +15994,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16100,7 +16113,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16108,24 +16121,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { @@ -16139,127 +16149,121 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "zlib and Boost" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" - ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16275,21 +16279,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16303,122 +16310,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-24515", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.001475 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24515", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/pull/1131" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16426,21 +16440,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24515", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16454,37 +16471,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16492,17 +16520,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -16511,28 +16539,39 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00145 + "risk": 0.001475 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16540,17 +16579,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -16566,21 +16605,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -16594,13 +16633,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -17031,7 +17070,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17210,107 +17249,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.12.3.md b/docs/security/agent/grype-25.12.3.md index cd01620..8bc2764 100644 --- a/docs/security/agent/grype-25.12.3.md +++ b/docs/security/agent/grype-25.12.3.md @@ -9,27 +9,27 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.12.3 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.3 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -54,23 +54,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -80,36 +79,37 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-25.12.4.json b/docs/security/agent/grype-25.12.4.json index 63576af..c34b05a 100644 --- a/docs/security/agent/grype-25.12.4.json +++ b/docs/security/agent/grype-25.12.4.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,21 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3768,13 +4415,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3785,38 +4432,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3825,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3854,17 +4501,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3872,7 +4519,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3880,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3908,25 +4555,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3936,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3957,18 +4593,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3976,28 +4612,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4005,18 +4641,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4031,21 +4667,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4059,13 +4695,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4076,20 +4712,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4130,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4195,7 +4843,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4237,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4939,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4356,7 +5016,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4409,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4430,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4496,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4528,7 +5187,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4570,12 +5229,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5250,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5283,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5315,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4689,7 +5347,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4742,243 +5400,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.031049999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5229,327 +5727,168 @@ "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "25.12.4" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "a747661bde11c949", - "name": "fluent-bit", - "version": "25.12.4", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@25.12.4", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "25.12.4" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "a747661bde11c949", + "name": "fluent-bit", + "version": "25.12.4", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:690576c7270cb3dc560e835cdc037661eb3393ee45592c191e9a7dcdd8785a9d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:25.12.4:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@25.12.4", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,243 +6714,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6651,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6679,14 +6831,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6718,9 +6885,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6750,7 +6917,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6783,9 +6950,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6878,9 +7045,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6910,7 +7077,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6943,9 +7110,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,8 +7217,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7111,8 +7278,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7208,8 +7375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7235,194 +7402,49 @@ "severity": "Medium", "urls": [ "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7430,7 +7452,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7438,21 +7460,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7466,14 +7488,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7483,39 +7510,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7523,61 +7550,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7592,21 +7605,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7623,10 +7636,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7637,12 +7650,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7658,17 +7671,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7677,46 +7690,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7724,7 +7737,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7732,21 +7745,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7760,14 +7773,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7777,20 +7801,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7798,18 +7822,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7817,28 +7841,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7846,18 +7871,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7872,21 +7897,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7900,13 +7925,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7940,8 +7965,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8005,8 +8030,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8111,8 +8136,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8176,8 +8201,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8259,44 +8284,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8305,191 +8324,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8506,21 +8393,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8534,13 +8421,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8551,37 +8438,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8591,51 +8478,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8644,7 +8525,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8652,21 +8533,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8680,25 +8561,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8730,9 +8600,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8748,7 +8618,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8792,9 +8662,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8884,9 +8754,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -8922,7 +8792,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -8971,9 +8841,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9035,198 +8905,53 @@ "licenses": [ "GPLv3+" ], - "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011895 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9235,51 +8960,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9295,21 +9021,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9323,72 +9049,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9397,53 +9117,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,21 +9186,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9487,13 +9214,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9504,37 +9231,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9544,31 +9271,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -9576,27 +9303,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9619,7 +9346,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -9658,38 +9385,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9698,60 +9431,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9767,21 +9493,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9795,13 +9521,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9835,8 +9561,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9901,8 +9627,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9974,6 +9700,146 @@ } } }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2026-0915", @@ -9999,8 +9865,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10019,7 +9885,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10061,8 +9927,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10156,8 +10022,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,7 +10042,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10218,8 +10084,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10324,8 +10190,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10344,7 +10210,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10386,8 +10252,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10473,20 +10339,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10494,47 +10360,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008960000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10542,18 +10426,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10568,21 +10452,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10596,116 +10483,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10713,7 +10605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10721,21 +10613,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10749,137 +10644,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10887,21 +10795,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10915,122 +10826,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11038,21 +10966,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11066,92 +10997,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11159,34 +11096,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11202,21 +11133,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11230,13 +11161,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11247,20 +11178,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11268,18 +11199,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11287,47 +11218,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11342,21 +11278,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11370,103 +11306,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11474,16 +11397,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11492,7 +11415,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11501,22 +11424,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11534,11 +11454,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11548,20 +11479,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11569,60 +11500,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11631,22 +11552,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11661,24 +11600,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11692,142 +11628,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11843,24 +11764,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11874,139 +11792,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12014,24 +11904,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12045,141 +11932,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12196,21 +12068,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12224,13 +12096,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12241,20 +12113,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12262,18 +12134,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12281,41 +12153,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12323,18 +12182,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12355,7 +12214,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12416,9 +12275,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12448,7 +12307,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12482,9 +12341,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12577,9 +12436,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12605,54 +12464,236 @@ }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], - "risk": 0.00539 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12660,7 +12701,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12668,24 +12709,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12699,28 +12737,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -12750,8 +12777,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12809,7 +12836,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -12834,8 +12865,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12929,8 +12960,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -12989,8 +13020,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -13058,98 +13089,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13165,21 +13199,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13193,13 +13230,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13210,98 +13247,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0034999999999999996 + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13309,21 +13357,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13337,14 +13388,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13354,88 +13416,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13450,21 +13526,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13478,23 +13557,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13506,39 +13589,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.8, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -13546,55 +13629,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0034299999999999995 + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13602,21 +13696,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13630,25 +13724,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13658,106 +13741,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13766,7 +13833,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13774,24 +13841,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13805,19 +13869,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13827,108 +13886,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -13943,24 +13982,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -13974,17 +14010,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -13996,108 +14038,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14112,24 +14134,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14143,17 +14162,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14188,8 +14213,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14235,6 +14260,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14257,8 +14283,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14296,8 +14322,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14315,10 +14341,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14357,8 +14383,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14404,6 +14430,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14426,8 +14453,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14465,8 +14492,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14481,13 +14508,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14526,8 +14553,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14573,6 +14600,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14595,8 +14623,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14611,7 +14639,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14620,7 +14648,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -14634,8 +14662,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14650,20 +14678,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14696,8 +14723,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14743,6 +14770,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14765,8 +14793,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14804,8 +14832,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14820,23 +14848,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14851,102 +14869,109 @@ } }, { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14954,7 +14979,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14962,24 +14987,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14993,14 +15018,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15010,101 +15040,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15112,7 +15149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15120,24 +15157,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15151,25 +15188,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15179,101 +15211,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + { + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15289,24 +15328,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15320,27 +15359,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15374,9 +15413,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15406,7 +15445,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15437,9 +15476,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15532,9 +15571,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15564,7 +15603,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15595,9 +15634,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15679,20 +15718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15700,18 +15739,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15719,43 +15758,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15763,18 +15787,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15789,21 +15813,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15817,13 +15841,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15834,104 +15858,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,24 +15966,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15978,121 +15994,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16100,7 +16113,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16108,24 +16121,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { @@ -16139,127 +16149,121 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "zlib and Boost" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" - ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16275,21 +16279,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16303,122 +16310,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-24515", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.001475 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24515", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/pull/1131" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16426,21 +16440,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24515", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16454,37 +16471,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16492,17 +16520,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -16511,28 +16539,39 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00145 + "risk": 0.001475 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16540,17 +16579,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -16566,21 +16605,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -16594,13 +16633,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -17031,7 +17070,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17210,107 +17249,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-25.12.4.md b/docs/security/agent/grype-25.12.4.md index 7fa9383..f426cb0 100644 --- a/docs/security/agent/grype-25.12.4.md +++ b/docs/security/agent/grype-25.12.4.md @@ -9,27 +9,27 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 25.12.4 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 25.12.4 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -54,23 +54,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -80,36 +79,37 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-26.1.1.json b/docs/security/agent/grype-26.1.1.json index 987bfa7..c5ce782 100644 --- a/docs/security/agent/grype-26.1.1.json +++ b/docs/security/agent/grype-26.1.1.json @@ -1,188 +1,5 @@ { "matches": [ - { - "vulnerability": { - "id": "CVE-2023-2953", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 2.9, - "impactScore": 4.3 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.7403299999999999 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2023-2953", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://seclists.org/fulldisclosure/2023/Jul/47", - "http://seclists.org/fulldisclosure/2023/Jul/48", - "http://seclists.org/fulldisclosure/2023/Jul/52", - "https://access.redhat.com/security/cve/CVE-2023-2953", - "https://bugs.openldap.org/show_bug.cgi?id=9904", - "https://security.netapp.com/advisory/ntap-20230703-0005/", - "https://support.apple.com/kb/HT213843", - "https://support.apple.com/kb/HT213844", - "https://support.apple.com/kb/HT213845" - ], - "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2023-2953", - "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "secalert@redhat.com", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Secondary" - }, - { - "cve": "CVE-2023-2953", - "cwe": "CWE-476", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2023-2953", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "OLDAP-2.8" - ], - "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, { "vulnerability": { "id": "CVE-2025-15467", @@ -207,9 +24,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -239,7 +56,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -254,9 +71,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -274,9 +92,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -369,9 +187,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -401,7 +219,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.58128 + "risk": 0.8736499999999999 }, "relatedVulnerabilities": [ { @@ -416,9 +234,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -436,9 +255,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -520,76 +339,259 @@ }, { "vulnerability": { - "id": "CVE-2024-11053", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-2953", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "description": "A vulnerability was found in OpenLDAP, in ber_memalloc_x() function, leading to a null pointer dereference. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption in authentication processes, which may hinder user access or service operations relying on LDAP for authentication.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 7.1, + "exploitabilityScore": 2.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.7403299999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-11053", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "id": "CVE-2023-2953", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-2953", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2024-11053.html", - "https://curl.se/docs/CVE-2024-11053.json", - "https://hackerone.com/reports/2829063", - "http://www.openwall.com/lists/oss-security/2024/12/11/1", - "https://security.netapp.com/advisory/ntap-20250124-0012/", - "https://security.netapp.com/advisory/ntap-20250131-0003/", - "https://security.netapp.com/advisory/ntap-20250131-0004/" + "http://seclists.org/fulldisclosure/2023/Jul/47", + "http://seclists.org/fulldisclosure/2023/Jul/48", + "http://seclists.org/fulldisclosure/2023/Jul/52", + "https://access.redhat.com/security/cve/CVE-2023-2953", + "https://bugs.openldap.org/show_bug.cgi?id=9904", + "https://security.netapp.com/advisory/ntap-20230703-0005/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845" ], - "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "description": "A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.4, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-2953", + "epss": 0.01466, + "percentile": 0.8064, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "secalert@redhat.com", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Secondary" + }, + { + "cve": "CVE-2023-2953", + "cwe": "CWE-476", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openldap", + "version": "0:2.6.8-4.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2023-2953", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "OLDAP-2.8" + ], + "cpes": [ + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2024-11053", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-11053", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-11053", + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.4223050000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-11053", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://curl.se/docs/CVE-2024-11053.html", + "https://curl.se/docs/CVE-2024-11053.json", + "https://hackerone.com/reports/2829063", + "http://www.openwall.com/lists/oss-security/2024/12/11/1", + "https://security.netapp.com/advisory/ntap-20250124-0012/", + "https://security.netapp.com/advisory/ntap-20250131-0003/", + "https://security.netapp.com/advisory/ntap-20250131-0004/" + ], + "description": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", + "metrics": { + "baseScore": 3.4, + "exploitabilityScore": 1.7, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } ], "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -682,9 +684,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -692,7 +694,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -727,9 +729,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -823,8 +825,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -889,8 +891,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -992,8 +994,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1058,8 +1060,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -1161,8 +1163,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1217,8 +1219,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -1309,8 +1311,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1382,8 +1384,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1485,8 +1487,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1558,8 +1560,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1660,9 +1662,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1678,7 +1680,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1709,9 +1711,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1801,9 +1803,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1819,7 +1821,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1850,9 +1852,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1953,9 +1955,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1971,7 +1973,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -2013,9 +2015,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -2106,8 +2108,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2155,8 +2157,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -2224,20 +2226,20 @@ }, { "vulnerability": { - "id": "CVE-2023-32636", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2245,49 +2247,60 @@ ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.08233999999999998 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-32636", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", - "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", - "https://security.netapp.com/advisory/ntap-20231110-0002/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2296,40 +2309,22 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-32636", - "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-32636", - "cwe": "CWE-400", - "source": "secalert@redhat.com", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-32636", - "cwe": "CWE-502", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -2344,21 +2339,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-32636", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2372,95 +2370,98 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-27113", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", + "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.066185 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.08855500000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-27113", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", - "http://seclists.org/fulldisclosure/2025/Apr/10", - "http://seclists.org/fulldisclosure/2025/Apr/11", - "http://seclists.org/fulldisclosure/2025/Apr/12", - "http://seclists.org/fulldisclosure/2025/Apr/13", - "http://seclists.org/fulldisclosure/2025/Apr/4", - "http://seclists.org/fulldisclosure/2025/Apr/5", - "http://seclists.org/fulldisclosure/2025/Apr/8", - "http://seclists.org/fulldisclosure/2025/Apr/9", - "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250306-0004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2469,47 +2470,29 @@ "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-27113", - "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2025-27113", - "cwe": "CWE-476", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2517,21 +2500,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-27113", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -2545,66 +2531,71 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-1632", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-32636", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2614,93 +2605,64 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.062369999999999995 + "risk": 0.08233999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-1632", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", + "id": "CVE-2023-32636", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-32636", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", - "https://vuldb.com/?ctiid.296619", - "https://vuldb.com/?id.296619", - "https://vuldb.com/?submit.496460" + "https://gitlab.gnome.org/GNOME/glib/-/issues/2841", + "https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835", + "https://security.netapp.com/advisory/ntap-20231110-0002/" ], - "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", + "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", - "metrics": { - "baseScore": 4.8 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cna@vuldb.com", - "type": "Secondary", - "version": "2.0", - "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 1.7, - "exploitabilityScore": 3.2, - "impactScore": 2.9 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-1632", - "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "cve": "CVE-2023-32636", + "epss": 0.00179, + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-1632", - "cwe": "CWE-404", - "source": "cna@vuldb.com", - "type": "Secondary" - }, - { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", - "source": "cna@vuldb.com", + "cve": "CVE-2023-32636", + "cwe": "CWE-400", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2025-1632", - "cwe": "CWE-476", + "cve": "CVE-2023-32636", + "cwe": "CWE-502", "source": "nvd@nist.gov", "type": "Primary" } @@ -2717,21 +2679,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-1632", + "vulnerabilityID": "CVE-2023-32636", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -2745,13 +2707,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -2762,39 +2724,45 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-27113", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2802,58 +2770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.066185 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-27113", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-27113", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/861", + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250306-0004/" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-27113", + "epss": 0.00217, + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Secondary" + }, + { + "cve": "CVE-2025-27113", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2868,21 +2852,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-27113", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -2896,56 +2880,68 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-1632", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -2953,63 +2949,711 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.062369999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-1632", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-1632", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc", + "https://vuldb.com/?ctiid.296619", + "https://vuldb.com/?id.296619", + "https://vuldb.com/?submit.496460" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} - } - ], - "epss": [ + }, { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" - } - ], - "cwes": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "metrics": { + "baseScore": 4.8 + }, + "vendorMetadata": {} + }, { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", + "version": "2.0", + "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.7, + "exploitabilityScore": 3.2, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-1632", + "epss": 0.00198, + "percentile": 0.41718, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-1632", + "cwe": "CWE-404", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "cna@vuldb.com", + "type": "Secondary" + }, + { + "cve": "CVE-2025-1632", + "cwe": "CWE-476", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-1632", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.04305 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" + ], + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-60753", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "BSD" + ], + "cpes": [ + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.03796 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + ], + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1489", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "1:3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-69419", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.03782 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ { "type": "exact-indirect-match", "matcher": "rpm-matcher", @@ -3025,8 +3669,11 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], @@ -3101,8 +3748,8 @@ { "cve": "CVE-2025-29478", "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ @@ -3170,37 +3817,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3224,49 +3871,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3289,7 +3936,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3331,37 +3978,37 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#12 (Personal Information Exchange Syntax Standard) file, a remote attacker can exploit an out-of-bounds write vulnerability. This issue, occurring within the OPENSSL_uni2utf8() function, leads to memory corruption by writing data beyond its allocated buffer. Successful exploitation could result in a denial of service or potentially allow for arbitrary code execution.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3385,49 +4032,49 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.03472 + "risk": 0.034265000000000004 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -3450,7 +4097,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69419", + "vulnerabilityID": "CVE-2026-22796", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -3526,8 +4173,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3576,8 +4223,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -3645,38 +4292,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3685,46 +4332,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3740,21 +4387,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -3768,13 +4415,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -3785,38 +4432,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -3825,28 +4472,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.031610000000000006 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-0990", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-0990", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3854,17 +4501,17 @@ ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-0990", + "epss": 0.00058, + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-0990", + "cwe": "CWE-674", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -3872,7 +4519,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3880,21 +4527,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-0990", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -3908,25 +4555,14 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3936,20 +4572,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0990", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3957,18 +4593,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -3976,28 +4612,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.031610000000000006 + "risk": 0.031049999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0990", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0990", + "id": "CVE-2025-14512", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0990", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429959" + "https://access.redhat.com/security/cve/CVE-2025-14512", + "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" ], - "description": "A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a specially crafted XML catalog, leading to infinite recursion and call stack exhaustion. This ultimately results in a segmentation fault, causing a Denial of Service (DoS) by crashing affected applications.", + "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4005,18 +4641,18 @@ ], "epss": [ { - "cve": "CVE-2026-0990", - "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "cve": "CVE-2025-14512", + "epss": 0.00054, + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0990", - "cwe": "CWE-674", + "cve": "CVE-2025-14512", + "cwe": "CWE-190", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4031,21 +4667,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0990", + "vulnerabilityID": "CVE-2025-14512", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -4059,13 +4695,13 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4076,20 +4712,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4097,16 +4733,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4130,49 +4766,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4195,7 +4843,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4237,20 +4885,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a denial of service (DoS) by providing specially crafted PKCS#7 data to an application that performs signature verification. The vulnerability occurs because the application accesses an ASN1_TYPE union member without proper type validation, leading to an invalid or NULL pointer dereference and a crash.", + "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 6.5, + "exploitabilityScore": 2.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4258,16 +4906,16 @@ ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4291,49 +4939,61 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.030875 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4356,7 +5016,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22796", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4409,12 +5069,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4430,16 +5090,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4463,32 +5123,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4496,16 +5155,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4528,7 +5187,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4570,12 +5229,12 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A type confusion vulnerability exists in the TimeStamp Response verification code, where an ASN1_TYPE union member is accessed without proper type validation. A remote attacker can exploit this by providing a malformed TimeStamp Response to an application that verifies timestamp responses. This can lead to an invalid or NULL pointer dereference, resulting in a Denial of Service (DoS) due to an application crash.", + "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", "cvss": [ { "type": "Secondary", @@ -4591,16 +5250,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4624,32 +5283,31 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.031150000000000004 + "risk": 0.028480000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-66199", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", + "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", + "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", + "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -4657,16 +5315,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-66199", + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-66199", + "cwe": "CWE-789", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -4689,7 +5347,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-66199", "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" }, "fix": { @@ -4742,243 +5400,96 @@ }, { "vulnerability": { - "id": "CVE-2025-14512", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14512", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.031049999999999994 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14512", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14512", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14512", - "https://bugzilla.redhat.com/show_bug.cgi?id=2421339" - ], - "description": "A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14512", - "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14512", - "cwe": "CWE-190", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-14512", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+" - ], - "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} } ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ + "epss": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], - "risk": 0.028025 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5001,11 +5512,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5043,20 +5551,20 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by providing a specially crafted, malformed PKCS#12 file to an application that processes it. The flaw occurs due to a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function when handling the malformed file, leading to an application crash.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5064,82 +5572,75 @@ ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.028025 + "advisories": [], + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2024-13176", + "cwe": "CWE-385", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -5162,11 +5663,8 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-13176", + "versionConstraint": "none (unknown)" } } ], @@ -5229,327 +5727,168 @@ "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.027825000000000003 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "26.1.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "6f4d3a571294a37a", - "name": "fluent-bit", - "version": "26.1.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@26.1.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "rpm-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" + ], "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" - }, - "namespace": "redhat:distro:redhat:9" + "name": "fluent-bit", + "version": "26.1.1" + } }, "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", - "type": "rpm", + "id": "6f4d3a571294a37a", + "name": "fluent-bit", + "version": "26.1.1", + "type": "binary", "locations": [ { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:49601c7b67860456eada527b6860659186c76ebd44bc07d4be0e5d0f389b29a6", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } } ], "language": "", - "licenses": [ - "GPLv3+ and LGPLv2+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:26.1.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } + "purl": "pkg:github/fluent/fluent-bit@26.1.1", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.026255000000000007 + "advisories": [], + "risk": 0.027804999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -5564,24 +5903,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -5595,29 +5931,29 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-66199", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. A remote attacker can exploit this vulnerability by sending a specially crafted CompressedCertificate message during the TLS 1.3 handshake. This can cause excessive per-connection memory allocations, leading to resource exhaustion and a Denial of Service (DoS) for affected clients and servers. This issue occurs when TLS 1.3 certificate compression is enabled and negotiated.", + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", "cvss": [ { "type": "Secondary", @@ -5633,64 +5969,49 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], "risk": 0.026255000000000007 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-66199", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-66199", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3ed1f75249932b155eef993a8e66a99cb98bfef4", - "https://github.com/openssl/openssl/commit/6184a4fb08ee6d7bca570d931a4e8bef40b64451", - "https://github.com/openssl/openssl/commit/895150b5e021d16b52fb32b97e1dd12f20448be5", - "https://github.com/openssl/openssl/commit/966a2478046c311ed7dae50c457d0db4cafbf7e4", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "Issue summary: A TLS 1.3 connection using certificate compression can be\nforced to allocate a large buffer before decompression without checking\nagainst the configured certificate size limit.\n\nImpact summary: An attacker can cause per-connection memory allocations of\nup to approximately 22 MiB and extra CPU work, potentially leading to\nservice degradation or resource exhaustion (Denial of Service).\n\nIn affected configurations, the peer-supplied uncompressed certificate\nlength from a CompressedCertificate message is used to grow a heap buffer\nprior to decompression. This length is not bounded by the max_cert_list\nsetting, which otherwise constrains certificate message sizes. An attacker\ncan exploit this to cause large per-connection allocations followed by\nhandshake failure. No memory corruption or information disclosure occurs.\n\nThis issue only affects builds where TLS 1.3 certificate compression is\ncompiled in (i.e., not OPENSSL_NO_COMP_ALG) and at least one compression\nalgorithm (brotli, zlib, or zstd) is available, and where the compression\nextension is negotiated. Both clients receiving a server CompressedCertificate\nand servers in mutual TLS scenarios receiving a client CompressedCertificate\nare affected. Servers that do not request client certificates are not\nvulnerable to client-initiated attacks.\n\nUsers can mitigate this issue by setting SSL_OP_NO_RX_CERTIFICATE_COMPRESSION\nto disable receiving compressed certificates.\n\nThe FIPS modules in 3.6, 3.5, 3.4 and 3.3 are not affected by this issue,\nas the TLS implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4 and 3.3 are vulnerable to this issue.\n\nOpenSSL 3.0, 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 7.5, + "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -5698,25 +6019,25 @@ ], "epss": [ { - "cve": "CVE-2025-66199", + "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-66199", - "cwe": "CWE-789", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5724,24 +6045,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libtasn1", + "version": "0:4.16.0-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-66199", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", "type": "rpm", "locations": [ { @@ -5755,28 +6073,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -5806,8 +6113,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5849,8 +6156,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -5944,8 +6251,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -5987,8 +6294,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -6082,8 +6389,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6102,7 +6409,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6144,8 +6451,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,8 +6546,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6259,7 +6566,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -6301,8 +6608,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -6407,243 +6714,85 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "0:2.34-231.el9_7.10" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", - "kind": "first-observed" - } - ] - }, - "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" - } - ], - "risk": 0.023585000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" - } - } - ], - "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" - ], - "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0234 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.023585000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6651,21 +6800,24 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -6679,14 +6831,29 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6718,9 +6885,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6750,7 +6917,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6783,9 +6950,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6878,9 +7045,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -6910,7 +7077,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.021360000000000004 + "risk": 0.02314 }, "relatedVulnerabilities": [ { @@ -6943,9 +7110,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -7050,8 +7217,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7111,8 +7278,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7208,8 +7375,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -7235,194 +7402,49 @@ "severity": "Medium", "urls": [ "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039", - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", - "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" - ], - "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 8.6, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-27943", - "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-27943", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "gcc", - "version": "11.5.0-11.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-27943", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "e66b7275c6659e9c", - "name": "libstdc++", - "version": "11.5.0-11.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" - ], - "cpes": [ - "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", - "upstreams": [ - { - "name": "gcc", - "version": "11.5.0-11.el9" - } - ], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", - "namespace": "redhat:distro:redhat:9", - "severity": "Medium", - "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", - "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0207 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H424YXGW7OKXS2NCAP35OP6Y4P4AW6VG/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=28995" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 8.6, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-27943", + "epss": 0.0005, + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-27943", + "cwe": "CWE-674", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7430,7 +7452,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7438,21 +7460,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gcc", + "version": "11.5.0-11.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-27943", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "e66b7275c6659e9c", + "name": "libstdc++", + "version": "11.5.0-11.el9", "type": "rpm", "locations": [ { @@ -7466,14 +7488,19 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and GPLv3+ with exceptions and GPLv2+ with exceptions and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libstdc\\+\\+:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libstdc\\+\\+:11.5.0-11.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libstdc%2B%2B@11.5.0-11.el9?arch=x86_64&distro=rhel-9.7&upstream=gcc-11.5.0-11.el9.src.rpm", + "upstreams": [ + { + "name": "gcc", + "version": "11.5.0-11.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7483,39 +7510,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -7523,61 +7550,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -7592,21 +7605,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7623,10 +7636,10 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7637,12 +7650,12 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", @@ -7658,17 +7671,17 @@ ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -7677,46 +7690,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -7724,7 +7737,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -7732,21 +7745,21 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14831", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -7760,14 +7773,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -7777,20 +7801,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14831", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7798,18 +7822,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -7817,28 +7841,29 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, + "baseScore": 5.3, + "exploitabilityScore": 3.9, "impactScore": 1.5 }, "vendorMetadata": {} @@ -7846,18 +7871,18 @@ ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-14831", + "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -7872,21 +7897,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-14831", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -7900,13 +7925,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7940,8 +7965,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8005,8 +8030,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8111,8 +8136,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8176,8 +8201,8 @@ { "cve": "CVE-2025-9086", "epss": 0.00035, - "percentile": 0.10139, - "date": "2026-02-23" + "percentile": 0.09824, + "date": "2026-03-09" } ], "cwes": [ @@ -8259,44 +8284,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -8305,191 +8324,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-60753", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.014739999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" - ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", - "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8506,21 +8393,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } - ], - "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + ], + "artifact": { + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -8534,13 +8421,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8551,37 +8438,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5278", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8591,51 +8478,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01363 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5278", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5278", - "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", - "http://www.openwall.com/lists/oss-security/2025/05/27/2", - "http://www.openwall.com/lists/oss-security/2025/05/29/1", - "http://www.openwall.com/lists/oss-security/2025/05/29/2", - "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", - "https://security-tracker.debian.org/tracker/CVE-2025-5278" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5278", - "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5278", - "cwe": "CWE-121", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", "source": "secalert@redhat.com", "type": "Secondary" } @@ -8644,7 +8525,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -8652,21 +8533,21 @@ "version": "9.7" }, "package": { - "name": "coreutils", - "version": "8.32-39.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5278", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8ef168befafd7b27", - "name": "coreutils-single", - "version": "8.32-39.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -8680,25 +8561,14 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", - "upstreams": [ - { - "name": "coreutils", - "version": "8.32-39.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -8730,9 +8600,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8748,7 +8618,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.013109999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { @@ -8792,9 +8662,9 @@ "epss": [ { "cve": "CVE-2025-5918", - "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ @@ -8884,9 +8754,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -8922,7 +8792,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:0719" } ], - "risk": 0.012240000000000003 + "risk": 0.013770000000000001 }, "relatedVulnerabilities": [ { @@ -8971,9 +8841,9 @@ "epss": [ { "cve": "CVE-2025-68973", - "epss": 0.00016, - "percentile": 0.03174, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04322, + "date": "2026-03-09" } ], "cwes": [ @@ -9035,198 +8905,53 @@ "licenses": [ "GPLv3+" ], - "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011895 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0" - ], - "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpes": [ + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5278", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9235,51 +8960,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.01363 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5278", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368764", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633", + "http://www.openwall.com/lists/oss-security/2025/05/27/2", + "http://www.openwall.com/lists/oss-security/2025/05/29/1", + "http://www.openwall.com/lists/oss-security/2025/05/29/2", + "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/tree/NEWS?id=8c9602e3a145e9596dc1a63c6ed67865814b6633#n14", + "https://security-tracker.debian.org/tracker/CVE-2025-5278" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5278", + "epss": 0.00029, + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5278", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9295,21 +9021,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5278", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "8ef168befafd7b27", + "name": "coreutils-single", + "version": "8.32-39.el9", "type": "rpm", "locations": [ { @@ -9323,72 +9049,66 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:coreutils-single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils-single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils_single:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:coreutils:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils-single:8.32-39.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:coreutils_single:8.32-39.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/coreutils-single@8.32-39.el9?arch=x86_64&distro=rhel-9.7&upstream=coreutils-8.32-39.el9.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "coreutils", + "version": "8.32-39.el9" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, - "impactScore": 4.3 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -9397,53 +9117,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.013109999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "metrics": { + "baseScore": 5.6, + "exploitabilityScore": 1.4, + "impactScore": 4.3 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2025-5916", + "epss": 0.00038, + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", - "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", - "type": "Secondary" - }, - { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -9459,21 +9186,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -9487,13 +9214,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9504,37 +9231,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9544,31 +9271,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.6, + "baseScore": 5, "exploitabilityScore": 1.4, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -9576,27 +9303,27 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, + "baseScore": 2.8, "exploitabilityScore": 1.4, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", "source": "secalert@redhat.com", "type": "Secondary" } @@ -9619,7 +9346,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } @@ -9658,38 +9385,44 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -9698,60 +9431,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, - "impactScore": 1.5 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2026-22185", + "cwe": "CWE-125", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -9767,21 +9493,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -9795,13 +9521,13 @@ ], "language": "", "licenses": [ - "BSD" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9835,8 +9561,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9901,8 +9627,8 @@ { "cve": "CVE-2023-4156", "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ @@ -9974,6 +9700,146 @@ } } }, + { + "vulnerability": { + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "namespace": "redhat:distro:redhat:9", + "severity": "Medium", + "urls": [], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01008 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + ], + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-1757", + "cwe": "CWE-401", + "source": "secalert@redhat.com", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-1757", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "MIT" + ], + "cpes": [ + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, { "vulnerability": { "id": "CVE-2026-0915", @@ -9999,8 +9865,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10019,7 +9885,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10061,8 +9927,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10156,8 +10022,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,7 +10042,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10218,8 +10084,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10324,8 +10190,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10344,7 +10210,7 @@ "available": [ { "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "date": "2026-02-27", "kind": "first-observed" } ] @@ -10386,8 +10252,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -10473,20 +10339,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10494,47 +10360,65 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.008960000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -10542,18 +10426,18 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-22795", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -10568,21 +10452,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10596,116 +10483,121 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.007125000000000001 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0072250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", + "cve": "CVE-2026-22795", "cwe": "CWE-754", - "source": "cve@mitre.org", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -10713,7 +10605,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10721,21 +10613,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-22795", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10749,137 +10644,150 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.00693 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "secalert@redhat.com", + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", "type": "Secondary" }, { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -10887,21 +10795,24 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -10915,122 +10826,139 @@ ], "language": "", "licenses": [ - "Public Domain" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-0989", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0067 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0989", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0989", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0989", - "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0989", - "cwe": "CWE-674", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11038,21 +10966,24 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0989", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11066,92 +10997,98 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-30571", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 5.3, + "baseScore": 2.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.006695 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-30571", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/libarchive/libarchive/issues/1876", - "https://groups.google.com/g/libarchive-announce" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 4.3 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -11159,34 +11096,28 @@ "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 0.9, - "impactScore": 2.8 + "baseScore": 2.7, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-30571", - "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "nvd@nist.gov", - "type": "Primary" - }, - { - "cve": "CVE-2023-30571", - "cwe": "CWE-362", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -11202,21 +11133,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-30571", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -11230,13 +11161,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -11247,20 +11178,20 @@ }, { "vulnerability": { - "id": "CVE-2026-0992", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -11268,18 +11199,18 @@ ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -11287,47 +11218,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006490000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0992", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0992", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0992", - "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0992", - "cwe": "CWE-400", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -11342,21 +11278,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0992", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -11370,103 +11306,90 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11474,16 +11397,16 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -11492,7 +11415,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -11501,22 +11424,19 @@ }, "package": { "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", + "id": "9620df42e45abf0c", + "name": "openssl-libs", "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ @@ -11534,11 +11454,22 @@ "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": 1, @@ -11548,20 +11479,20 @@ }, { "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. This type confusion vulnerability allows a remote attacker to cause a Denial of Service (DoS) by tricking a user or application into processing a maliciously crafted PKCS#12 (Personal Information Exchange Syntax Standard) file. The vulnerability leads to an invalid or NULL pointer dereference, resulting in an application crash.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -11569,60 +11500,50 @@ ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0063750000000000005 + "advisories": [], + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { @@ -11631,22 +11552,40 @@ "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -11661,24 +11600,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2024-0232", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -11692,142 +11628,127 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", "upstreams": [ { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" } ], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -11843,24 +11764,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-6170", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -11874,139 +11792,111 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0989", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When an application processes a maliciously crafted PKCS#12 file, an attacker can exploit a stack buffer overflow or a NULL pointer dereference. This can lead to a denial of service (DoS) by crashing the application, and in some cases, may enable arbitrary code execution. The vulnerability arises from the lack of validation for PBKDF2 salt and keylength parameters within the PKCS#12 file.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.006104999999999999 + "advisories": [], + "risk": 0.0067 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0989", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0989", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2026-0989", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429933" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0989", + "epss": 0.0002, + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0989", + "cwe": "CWE-674", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12014,24 +11904,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-0989", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -12045,141 +11932,126 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "MIT" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2022-3219", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-30571", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.005979999999999999 + "risk": 0.006695 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-3219", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", + "id": "CVE-2023-30571", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-30571", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2022-3219", - "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", - "https://dev.gnupg.org/D556", - "https://dev.gnupg.org/T5993", - "https://marc.info/?l=oss-security&m=165696590211434&w=4", - "https://security.netapp.com/advisory/ntap-20230324-0001/" + "https://github.com/libarchive/libarchive/issues/1876", + "https://groups.google.com/g/libarchive-announce" ], - "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", + "description": "Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 5.3, + "exploitabilityScore": 1.1, + "impactScore": 4.3 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "metrics": { - "baseScore": 3.3, - "exploitabilityScore": 1.9, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 0.9, + "impactScore": 2.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-3219", + "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "nvd@nist.gov", "type": "Primary" }, { - "cve": "CVE-2022-3219", - "cwe": "CWE-787", + "cve": "CVE-2023-30571", + "cwe": "CWE-362", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -12196,21 +12068,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-3219", + "vulnerabilityID": "CVE-2023-30571", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -12224,13 +12096,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "BSD" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -12241,20 +12113,20 @@ }, { "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0992", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12262,18 +12134,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ], "fix": { @@ -12281,41 +12153,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0055000000000000005 + "risk": 0.006490000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", + "id": "CVE-2026-0992", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0992", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" + "https://access.redhat.com/security/cve/CVE-2026-0992", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429975" ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", + "description": "A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog. A remote attacker can exploit this by supplying crafted catalogs, causing the parser to redundantly traverse catalog chains. This leads to excessive CPU consumption and degrades application availability, resulting in a denial-of-service condition.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -12323,18 +12182,18 @@ ], "epss": [ { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" + "cve": "CVE-2026-0992", + "epss": 0.00022, + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", + "cve": "CVE-2026-0992", + "cwe": "CWE-400", "source": "secalert@redhat.com", - "type": "Secondary" + "type": "Primary" } ] } @@ -12355,7 +12214,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-6170", + "vulnerabilityID": "CVE-2026-0992", "versionConstraint": "none (unknown)" } } @@ -12416,9 +12275,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12448,7 +12307,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.00539 + "risk": 0.0061600000000000005 }, "relatedVulnerabilities": [ { @@ -12482,9 +12341,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12577,9 +12436,9 @@ "epss": [ { "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ @@ -12605,54 +12464,236 @@ }, "advisories": [ { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0061600000000000005 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "openssl", + "version": "3.5.1-4.el9_7" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" + } + } + ], + "artifact": { + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:20019d6d5374cf6805f69cd0761e791a84ba0a723a25b5b7e78bc179cb09ede1", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0" + ], + "cpes": [ + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2022-3219", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-3219", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], - "risk": 0.00539 + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.005979999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2022-3219", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-3219", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/security/cve/CVE-2022-3219", + "https://bugzilla.redhat.com/show_bug.cgi?id=2127010", + "https://dev.gnupg.org/D556", + "https://dev.gnupg.org/T5993", + "https://marc.info/?l=oss-security&m=165696590211434&w=4", + "https://security.netapp.com/advisory/ntap-20230324-0001/" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 3.3, + "exploitabilityScore": 1.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2022-3219", + "epss": 0.00013, + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", + "cve": "CVE-2022-3219", "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2022-3219", + "cwe": "CWE-787", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -12660,7 +12701,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -12668,24 +12709,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2022-3219", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -12699,28 +12737,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -12750,8 +12777,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12809,7 +12836,11 @@ "https://access.redhat.com/errata/RHSA-2026:2072", "https://access.redhat.com/errata/RHSA-2026:2485", "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2633", "https://access.redhat.com/errata/RHSA-2026:2659", + "https://access.redhat.com/errata/RHSA-2026:2671", + "https://access.redhat.com/errata/RHSA-2026:2974", + "https://access.redhat.com/errata/RHSA-2026:3415", "https://access.redhat.com/security/cve/CVE-2025-13601", "https://bugzilla.redhat.com/show_bug.cgi?id=2416741", "https://gitlab.gnome.org/GNOME/glib/-/issues/3827", @@ -12834,8 +12865,8 @@ { "cve": "CVE-2025-13601", "epss": 0.00008, - "percentile": 0.00714, - "date": "2026-02-23" + "percentile": 0.0074, + "date": "2026-03-09" } ], "cwes": [ @@ -12929,8 +12960,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -12989,8 +13020,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -13058,98 +13089,101 @@ }, { "vulnerability": { - "id": "CVE-2026-24883", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0036849999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24883", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://dev.gnupg.org/T8049", - "https://www.openwall.com/lists/oss-security/2026/01/27/8" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24883", - "cwe": "CWE-476", - "source": "cve@mitre.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -13165,21 +13199,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "glibc", + "version": "0:2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24883", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "b22efca5f0bac92d", + "name": "glibc", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13193,13 +13230,13 @@ ], "language": "", "licenses": [ - "GPLv3+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -13210,98 +13247,109 @@ }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 8.1, + "exploitabilityScore": 2.3, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] + }, + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" } ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0034999999999999996 + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, + "baseScore": 8.4, "exploitabilityScore": 2.6, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13309,21 +13357,24 @@ "version": "9.7" }, "package": { - "name": "gnutls", - "version": "0:3.8.3-9.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "87b69976221d7a4a", - "name": "gnutls", - "version": "3.8.3-9.el9", + "id": "daddd35181720871", + "name": "glibc-common", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13337,14 +13388,25 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "upstreams": [ + { + "name": "glibc", + "version": "2.34-231.el9_7.2" + } ], - "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13354,88 +13416,102 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4.8, + "baseScore": 8.1, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "0:2.34-231.el9_7.10" + ], + "state": "fixed", + "available": [ + { + "version": "0:2.34-231.el9_7.10", + "date": "2026-02-27", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0034299999999999995 + "advisories": [ + { + "id": "RHSA-2026:2786", + "link": "https://access.redhat.com/errata/RHSA-2026:2786" + } + ], + "risk": 0.00444 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" } ] } @@ -13450,21 +13526,24 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + }, + "fix": { + "suggestedVersion": "0:2.34-231.el9_7.10" } } ], "artifact": { - "id": "211bc8dbb2d0cae8", - "name": "curl-minimal", - "version": "7.76.1-34.el9", + "id": "b75c9ce4cb4a4d36", + "name": "glibc-minimal-langpack", + "version": "2.34-231.el9_7.2", "type": "rpm", "locations": [ { @@ -13478,23 +13557,27 @@ ], "language": "", "licenses": [ - "MIT" + "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" ], "cpes": [ - "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", + "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", "upstreams": [ { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "glibc", + "version": "2.34-231.el9_7.2" } ], "metadataType": "RpmMetadata", @@ -13506,39 +13589,39 @@ }, { "vulnerability": { - "id": "CVE-2025-14017", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24883", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", + "description": "A flaw was found in GnuPG. A remote attacker could provide a specially crafted long signature packet that, when processed, causes the application to crash. This vulnerability leads to a denial of service (DoS), making the GnuPG application unavailable to legitimate users.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.8, + "baseScore": 3.7, "exploitabilityScore": 2.3, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ], "fix": { @@ -13546,55 +13629,66 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0034299999999999995 + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14017", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "id": "CVE-2026-24883", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24883", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14017.html", - "https://curl.se/docs/CVE-2025-14017.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/3" + "https://dev.gnupg.org/T8049", + "https://www.openwall.com/lists/oss-security/2026/01/27/8" ], - "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "description": "In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.3, - "exploitabilityScore": 1.1, - "impactScore": 5.2 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14017", - "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "cve": "CVE-2026-24883", + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14017", - "cwe": "NVD-CWE-Other", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-24883", + "cwe": "CWE-476", + "source": "cve@mitre.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13602,21 +13696,21 @@ "version": "9.7" }, "package": { - "name": "curl", - "version": "7.76.1-34.el9" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14017", + "vulnerabilityID": "CVE-2026-24883", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "dbb58be7b5652cc7", - "name": "libcurl-minimal", - "version": "7.76.1-34.el9", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -13630,25 +13724,14 @@ ], "language": "", "licenses": [ - "MIT" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", - "upstreams": [ - { - "name": "curl", - "version": "7.76.1-34.el9" - } + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13658,106 +13741,90 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9820", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.00385 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", + "cve": "CVE-2025-9820", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" } @@ -13766,7 +13833,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -13774,24 +13841,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "gnutls", + "version": "0:3.8.3-9.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "31d143a38566e735", - "name": "libblkid", - "version": "2.37.4-21.el9", + "id": "87b69976221d7a4a", + "name": "gnutls", + "version": "3.8.3-9.el9", "type": "rpm", "locations": [ { @@ -13805,19 +13869,14 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "GPLv3+ and LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [ - { - "name": "util-linux", - "version": "2.37.4-21.el9" - } + "cpe:2.3:a:gnutls:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnutls:3.8.3-9.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/gnutls@3.8.3-9.el9?arch=x86_64&distro=rhel-9.7&upstream=gnutls-3.8.3-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -13827,108 +13886,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -13943,24 +13982,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd147c6291221f2", - "name": "libfdisk", - "version": "2.37.4-21.el9", + "id": "211bc8dbb2d0cae8", + "name": "curl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -13974,17 +14010,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:curl-minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl-minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl_minimal:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:curl:curl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/curl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -13996,108 +14038,88 @@ }, { "vulnerability": { - "id": "CVE-2025-14104", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14017", "namespace": "redhat:distro:redhat:9", "severity": "Medium", "urls": [], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "A flaw was found in curl. When performing multi-threaded LDAPS (Lightweight Directory Access Protocol Secure) transfers, changes to Transport Layer Security (TLS) options in one thread could inadvertently apply globally, affecting other concurrent transfers. This could lead to unintended security posture changes, such as disabling certificate verification for other threads. This vulnerability can result in a security bypass, where expected security checks are not performed.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 4.8, + "exploitabilityScore": 2.3, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "0:2.37.4-21.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "0:2.37.4-21.el9_7", - "date": "2026-02-05", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1913", - "link": "https://access.redhat.com/errata/RHSA-2026:1913" - } - ], - "risk": 0.0033299999999999996 + "advisories": [], + "risk": 0.0034299999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14104", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", + "id": "CVE-2025-14017", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2026:1696", - "https://access.redhat.com/errata/RHSA-2026:1852", - "https://access.redhat.com/errata/RHSA-2026:1913", - "https://access.redhat.com/errata/RHSA-2026:2485", - "https://access.redhat.com/errata/RHSA-2026:2563", - "https://access.redhat.com/errata/RHSA-2026:2737", - "https://access.redhat.com/errata/RHSA-2026:2800", - "https://access.redhat.com/security/cve/CVE-2025-14104", - "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/3" ], - "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", + "description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 6.3, + "exploitabilityScore": 1.1, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14104", - "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "cve": "CVE-2025-14017", + "epss": 0.00007, + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14104", - "cwe": "CWE-125", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2025-14017", + "cwe": "NVD-CWE-Other", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -14112,24 +14134,21 @@ "version": "9.7" }, "package": { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-14104", - "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "0:2.37.4-21.el9_7" + "vulnerabilityID": "CVE-2025-14017", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "403e3b854fc89f1e", - "name": "libmount", - "version": "2.37.4-21.el9", + "id": "dbb58be7b5652cc7", + "name": "libcurl-minimal", + "version": "7.76.1-34.el9", "type": "rpm", "locations": [ { @@ -14143,17 +14162,23 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl-minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl-minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl_minimal:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:libcurl:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl-minimal:7.76.1-34.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libcurl_minimal:7.76.1-34.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libcurl-minimal@7.76.1-34.el9?arch=x86_64&distro=rhel-9.7&upstream=curl-7.76.1-34.el9.src.rpm", "upstreams": [ { - "name": "util-linux", - "version": "2.37.4-21.el9" + "name": "curl", + "version": "7.76.1-34.el9" } ], "metadataType": "RpmMetadata", @@ -14188,8 +14213,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14235,6 +14260,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14257,8 +14283,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14296,8 +14322,8 @@ } ], "artifact": { - "id": "7069d90382d7c593", - "name": "libsmartcols", + "id": "31d143a38566e735", + "name": "libblkid", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14315,10 +14341,10 @@ "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libblkid:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libblkid:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libblkid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14357,8 +14383,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14404,6 +14430,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14426,8 +14453,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14465,8 +14492,8 @@ } ], "artifact": { - "id": "07c41562e2bee55f", - "name": "libuuid", + "id": "1bd147c6291221f2", + "name": "libfdisk", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14481,13 +14508,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libfdisk:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libfdisk:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libfdisk@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14526,8 +14553,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14573,6 +14600,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14595,8 +14623,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14611,7 +14639,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14620,7 +14648,7 @@ }, "package": { "name": "util-linux", - "version": "0:2.37.4-21.el9" + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, @@ -14634,8 +14662,8 @@ } ], "artifact": { - "id": "b4baad1349e149c7", - "name": "util-linux", + "id": "403e3b854fc89f1e", + "name": "libmount", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14650,20 +14678,19 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libmount:libmount:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libmount:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libmount@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -14696,8 +14723,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14743,6 +14770,7 @@ "https://access.redhat.com/errata/RHSA-2026:2563", "https://access.redhat.com/errata/RHSA-2026:2737", "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", "https://access.redhat.com/security/cve/CVE-2025-14104", "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], @@ -14765,8 +14793,8 @@ { "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.0031, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ @@ -14804,8 +14832,8 @@ } ], "artifact": { - "id": "47984ec76a4a22e2", - "name": "util-linux-core", + "id": "7069d90382d7c593", + "name": "libsmartcols", "version": "2.37.4-21.el9", "type": "rpm", "locations": [ @@ -14820,23 +14848,13 @@ ], "language": "", "licenses": [ - "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:libsmartcols:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libsmartcols:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "purl": "pkg:rpm/redhat/libsmartcols@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { "name": "util-linux", @@ -14851,102 +14869,109 @@ } }, { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "vulnerability": { + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -14954,7 +14979,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -14962,24 +14987,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "0:2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b22efca5f0bac92d", - "name": "glibc", - "version": "2.34-231.el9_7.2", + "id": "07c41562e2bee55f", + "name": "libuuid", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -14993,14 +15018,19 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libuuid:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libuuid:2.37.4-21.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libuuid@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [ + { + "name": "util-linux", + "version": "2.37.4-21.el9" + } ], - "purl": "pkg:rpm/redhat/glibc@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15010,101 +15040,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15112,7 +15149,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -15120,24 +15157,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "0:2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "daddd35181720871", - "name": "glibc-common", - "version": "2.34-231.el9_7.2", + "id": "b4baad1349e149c7", + "name": "util-linux", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15151,25 +15188,20 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_common:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-common:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_common:2.34-231.el9_7.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/glibc-common@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", - "upstreams": [ - { - "name": "glibc", - "version": "2.34-231.el9_7.2" - } + "cpe:2.3:a:util-linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux:2.37.4-21.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/util-linux@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -15179,101 +15211,108 @@ }, { "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-14104", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in the glibc library. Passing an excessively large alignment value to the memalign suite of functions, such as memalign, posix_memalign, aligned_alloc, valloc and pvalloc, an integer overflow can occur during internal size calculations due to improper overflow checks, causing an allocation of a small chunk of memory which is subsequently used for writing. This issue can result in an application crash or heap memory corruption.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.1, - "exploitabilityScore": 2.3, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ], "fix": { "versions": [ - "0:2.34-231.el9_7.10" + "0:2.37.4-21.el9_7" ], "state": "fixed", "available": [ { - "version": "0:2.34-231.el9_7.10", - "date": "2026-02-17", + "version": "0:2.37.4-21.el9_7", + "date": "2026-02-05", "kind": "first-observed" } ] }, "advisories": [ - { - "id": "RHSA-2026:2786", - "link": "https://access.redhat.com/errata/RHSA-2026:2786" + { + "id": "RHSA-2026:1913", + "link": "https://access.redhat.com/errata/RHSA-2026:1913" } ], "risk": 0.0033299999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", + "id": "CVE-2025-14104", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" + "https://access.redhat.com/errata/RHSA-2026:1696", + "https://access.redhat.com/errata/RHSA-2026:1852", + "https://access.redhat.com/errata/RHSA-2026:1913", + "https://access.redhat.com/errata/RHSA-2026:2485", + "https://access.redhat.com/errata/RHSA-2026:2563", + "https://access.redhat.com/errata/RHSA-2026:2737", + "https://access.redhat.com/errata/RHSA-2026:2800", + "https://access.redhat.com/errata/RHSA-2026:3406", + "https://access.redhat.com/security/cve/CVE-2025-14104", + "https://bugzilla.redhat.com/show_bug.cgi?id=2419369" ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", + "description": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 + "baseScore": 6.1, + "exploitabilityScore": 1.9, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0861", + "cve": "CVE-2025-14104", "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "percentile": 0.00315, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-14104", + "cwe": "CWE-125", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -15289,24 +15328,24 @@ "version": "9.7" }, "package": { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0861", - "versionConstraint": "< 0:2.34-231.el9_7.10 (rpm)" + "vulnerabilityID": "CVE-2025-14104", + "versionConstraint": "< 0:2.37.4-21.el9_7 (rpm)" }, "fix": { - "suggestedVersion": "0:2.34-231.el9_7.10" + "suggestedVersion": "0:2.37.4-21.el9_7" } } ], "artifact": { - "id": "b75c9ce4cb4a4d36", - "name": "glibc-minimal-langpack", - "version": "2.34-231.el9_7.2", + "id": "47984ec76a4a22e2", + "name": "util-linux-core", + "version": "2.37.4-21.el9", "type": "rpm", "locations": [ { @@ -15320,27 +15359,27 @@ ], "language": "", "licenses": [ - "LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ and GPLv2+ with exceptions and BSD and Inner-Net and ISC and Public Domain and GFDL" + "GPLv2 and GPLv2+ and LGPLv2+ and BSD with advertising and Public Domain" ], "cpes": [ - "cpe:2.3:a:glibc-minimal-langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal-langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal_langpack:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc-minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc_minimal:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc-minimal-langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*", - "cpe:2.3:a:glibc:glibc_minimal_langpack:2.34-231.el9_7.2:*:*:*:*:*:*:*" + "cpe:2.3:a:util-linux-core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux-core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux_core:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util-linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util_linux:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util-linux-core:2.37.4-21.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:util:util_linux_core:2.37.4-21.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glibc-minimal-langpack@2.34-231.el9_7.2?arch=x86_64&distro=rhel-9.7&upstream=glibc-2.34-231.el9_7.2.src.rpm", + "purl": "pkg:rpm/redhat/util-linux-core@2.37.4-21.el9?arch=x86_64&distro=rhel-9.7&upstream=util-linux-2.37.4-21.el9.src.rpm", "upstreams": [ { - "name": "glibc", - "version": "2.34-231.el9_7.2" + "name": "util-linux", + "version": "2.37.4-21.el9" } ], "metadataType": "RpmMetadata", @@ -15374,9 +15413,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15406,7 +15445,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15437,9 +15476,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15532,9 +15571,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15564,7 +15603,7 @@ "link": "https://access.redhat.com/errata/RHSA-2026:1473" } ], - "risk": 0.0021250000000000006 + "risk": 0.00255 }, "relatedVulnerabilities": [ { @@ -15595,9 +15634,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -15679,20 +15718,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15700,18 +15739,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -15719,43 +15758,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -15763,18 +15787,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -15789,21 +15813,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "7ee51647563bc9b1", + "name": "glib2", + "version": "2.68.4-18.el9_7", "type": "rpm", "locations": [ { @@ -15817,13 +15841,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -15834,104 +15858,99 @@ }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2025-68972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://gpg.fail/formfeed", + "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", + "https://news.ycombinator.com/item?id=46404339" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "metrics": { - "baseScore": 4, + "baseScore": 5.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2025-68972", + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-68972", + "cwe": "CWE-347", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -15947,24 +15966,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-4.el9_7" + "name": "gnupg2", + "version": "0:2.3.3-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2025-68972", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "25e16a00909d33d5", - "name": "openssl", - "version": "1:3.5.1-4.el9_7", + "id": "4796aaf427df0782", + "name": "gnupg2", + "version": "2.3.3-4.el9", "type": "rpm", "locations": [ { @@ -15978,121 +15994,118 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-69418", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { - "versions": [ - "1:3.5.1-7.el9_7" - ], - "state": "fixed", - "available": [ - { - "version": "1:3.5.1-7.el9_7", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "RHSA-2026:1473", - "link": "https://access.redhat.com/errata/RHSA-2026:1473" - } - ], - "risk": 0.0017499999999999998 + "advisories": [], + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69418", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", - "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", - "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", - "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", - "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4, + "baseScore": 2.9, "exploitabilityScore": 1.5, - "impactScore": 2.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69418", - "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69418", - "cwe": "CWE-325", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -16100,7 +16113,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16108,24 +16121,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-4.el9_7" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-69418", - "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" - }, - "fix": { - "suggestedVersion": "1:3.5.1-7.el9_7" + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9620df42e45abf0c", - "name": "openssl-libs", - "version": "1:3.5.1-4.el9_7", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { @@ -16139,127 +16149,121 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "zlib and Boost" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-4.el9_7" - } + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-68972", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. An adversary can exploit this vulnerability by crafting a signed message that includes a form feed character (\\f) at the end of a plaintext line. This allows the adversary to append additional, unsigned text to the message while the signature verification still reports success. This issue leads to an integrity bypass, potentially enabling the spoofing of signed communications.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.0016350000000000002 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68972", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://gpg.fail/formfeed", - "https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i", - "https://news.ycombinator.com/item?id=46404339" - ], - "description": "In GnuPG through 2.4.8, if a signed message has \\f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an \"invalid armor\" message is printed during verification). This is related to use of \\f as a marker to denote truncation of a long plaintext line.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 4 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "cve": "CVE-2025-69418", + "epss": 0.00005, + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68972", - "cwe": "CWE-347", - "source": "cve@mitre.org", + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -16275,21 +16279,24 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-4.el9" + "name": "openssl", + "version": "1:3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-68972", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "4796aaf427df0782", - "name": "gnupg2", - "version": "2.3.3-4.el9", + "id": "25e16a00909d33d5", + "name": "openssl", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16303,122 +16310,129 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-4.el9?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-24515", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-69418", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A flaw was found in OpenSSL. When applications directly call the low-level CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions with non-block-aligned lengths in a single call on hardware-accelerated builds, the trailing 1-15 bytes of a message may be exposed in cleartext. These exposed bytes are not covered by the authentication tag, allowing an attacker to read or tamper with them without detection.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "1:3.5.1-7.el9_7" + ], + "state": "fixed", + "available": [ + { + "version": "1:3.5.1-7.el9_7", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, - "advisories": [], - "risk": 0.001475 + "advisories": [ + { + "id": "RHSA-2026:1473", + "link": "https://access.redhat.com/errata/RHSA-2026:1473" + } + ], + "risk": 0.0017499999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24515", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", + "id": "CVE-2025-69418", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69418", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/pull/1131" + "https://github.com/openssl/openssl/commit/372fc5c77529695b05b4f5b5187691a57ef5dffc", + "https://github.com/openssl/openssl/commit/4016975d4469cd6b94927c607f7c511385f928d8", + "https://github.com/openssl/openssl/commit/52d23c86a54adab5ee9f80e48b242b52c4cc2347", + "https://github.com/openssl/openssl/commit/a7589230356d908c0eca4b969ec4f62106f4f5ae", + "https://github.com/openssl/openssl/commit/ed40856d7d4ba6cb42779b6770666a65f19cb977", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "Issue summary: When using the low-level OCB API directly with AES-NI or
other hardware-accelerated code paths, inputs whose length is not a multiple
of 16 bytes can leave the final partial block unencrypted and unauthenticated.

Impact summary: The trailing 1-15 bytes of a message may be exposed in
cleartext on encryption and are not covered by the authentication tag,
allowing an attacker to read or tamper with those bytes without detection.

The low-level OCB encrypt and decrypt routines in the hardware-accelerated
stream path process full 16-byte blocks but do not advance the input/output
pointers. The subsequent tail-handling code then operates on the original
base pointers, effectively reprocessing the beginning of the buffer while
leaving the actual trailing bytes unprocessed. The authentication checksum
also excludes the true tail bytes.

However, typical OpenSSL consumers using EVP are not affected because the
higher-level EVP and provider OCB implementations split inputs so that full
blocks and trailing partial blocks are processed in separate calls, avoiding
the problematic code path. Additionally, TLS does not use OCB ciphersuites.
The vulnerability only affects applications that call the low-level
CRYPTO_ocb128_encrypt() or CRYPTO_ocb128_decrypt() functions directly with
non-block-aligned lengths in a single call on hardware-accelerated builds.
For these reasons the issue was assessed as Low severity.

The FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected
by this issue, as OCB mode is not a FIPS-approved algorithm.

OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.

OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 2.9, + "baseScore": 4, "exploitabilityScore": 1.5, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-24515", + "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", - "source": "cve@mitre.org", - "type": "Primary" + "cve": "CVE-2025-69418", + "cwe": "CWE-325", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -16426,21 +16440,24 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "openssl", + "version": "3.5.1-4.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24515", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-69418", + "versionConstraint": "< 1:3.5.1-7.el9_7 (rpm)" + }, + "fix": { + "suggestedVersion": "1:3.5.1-7.el9_7" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "9620df42e45abf0c", + "name": "openssl-libs", + "version": "1:3.5.1-4.el9_7", "type": "rpm", "locations": [ { @@ -16454,37 +16471,48 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-4.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-4.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-4.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-4.el9_7" + } ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16492,17 +16520,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -16511,28 +16539,39 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00145 + "risk": 0.001475 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -16540,17 +16579,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -16566,21 +16605,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7ee51647563bc9b1", - "name": "glib2", - "version": "2.68.4-18.el9_7", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -16594,13 +16633,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -17031,7 +17070,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -17210,107 +17249,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-26.1.1.md b/docs/security/agent/grype-26.1.1.md index eba6430..a3f6db7 100644 --- a/docs/security/agent/grype-26.1.1.md +++ b/docs/security/agent/grype-26.1.1.md @@ -9,27 +9,27 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | High | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-68973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68973) | High | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | Medium | +| fluent-bit | 26.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | fluent-bit | 26.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-9086](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-11187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2023-30571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30571) | Medium | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-13601](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13601) | Medium | | curl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | | libcurl-minimal | 7.76.1-34.el9 | [CVE-2025-14017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017) | Medium | @@ -54,23 +54,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-41996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41996) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-3360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3360) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | Low | -| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | +| libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | Low | @@ -80,36 +79,37 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | | gnupg2 | 2.3.3-4.el9 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | -| openssl | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | -| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | -| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | glibc | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-common | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | | glibc-minimal-langpack | 2.34-231.el9_7.2 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | Low | +| gnupg2 | 2.3.3-4.el9 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | +| gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-15469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469) | Low | +| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | openssl | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | openssl-libs | 1:3.5.1-4.el9_7 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | -| glib2 | 2.68.4-18.el9_7 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/agent/grype-26.2.4.json b/docs/security/agent/grype-26.2.4.json index f5d4208..7f7cac3 100644 --- a/docs/security/agent/grype-26.2.4.json +++ b/docs/security/agent/grype-26.2.4.json @@ -25,8 +25,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -104,8 +104,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -207,9 +207,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -217,7 +217,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -252,9 +252,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -347,9 +347,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ], "fix": { @@ -357,7 +357,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.4601300000000001 + "risk": 0.4223050000000001 }, "relatedVulnerabilities": [ { @@ -392,9 +392,9 @@ "epss": [ { "cve": "CVE-2024-11053", - "epss": 0.01034, - "percentile": 0.77036, - "date": "2026-02-23" + "epss": 0.00949, + "percentile": 0.76074, + "date": "2026-03-09" } ] } @@ -488,8 +488,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -554,8 +554,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -657,8 +657,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -723,8 +723,8 @@ { "cve": "CVE-2024-7264", "epss": 0.00882, - "percentile": 0.75053, - "date": "2026-02-23" + "percentile": 0.75109, + "date": "2026-03-09" } ], "cwes": [ @@ -826,8 +826,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -882,8 +882,8 @@ { "cve": "CVE-2024-34459", "epss": 0.00847, - "percentile": 0.74506, - "date": "2026-02-23" + "percentile": 0.74556, + "date": "2026-03-09" } ], "cwes": [ @@ -974,8 +974,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1047,8 +1047,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1150,8 +1150,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1223,8 +1223,8 @@ { "cve": "CVE-2024-9681", "epss": 0.00725, - "percentile": 0.7222, - "date": "2026-02-23" + "percentile": 0.72258, + "date": "2026-03-09" } ], "cwes": [ @@ -1325,9 +1325,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1343,7 +1343,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1374,9 +1374,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1466,9 +1466,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1484,7 +1484,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.19669000000000006 + "risk": 0.19135000000000002 }, "relatedVulnerabilities": [ { @@ -1515,9 +1515,9 @@ "epss": [ { "cve": "CVE-2024-41996", - "epss": 0.00442, - "percentile": 0.6286, - "date": "2026-02-23" + "epss": 0.0043, + "percentile": 0.62158, + "date": "2026-03-09" } ], "cwes": [ @@ -1618,9 +1618,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1636,7 +1636,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.16854000000000002 + "risk": 0.13674 }, "relatedVulnerabilities": [ { @@ -1678,9 +1678,9 @@ "epss": [ { "cve": "CVE-2025-14087", - "epss": 0.00318, - "percentile": 0.54459, - "date": "2026-02-23" + "epss": 0.00258, + "percentile": 0.48817, + "date": "2026-03-09" } ], "cwes": [ @@ -1771,8 +1771,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -1820,8 +1820,8 @@ { "cve": "CVE-2025-3360", "epss": 0.00392, - "percentile": 0.59727, - "date": "2026-02-23" + "percentile": 0.59786, + "date": "2026-03-09" } ], "cwes": [ @@ -1912,8 +1912,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ @@ -1979,8 +1979,8 @@ { "cve": "CVE-2023-32636", "epss": 0.00179, - "percentile": 0.39416, - "date": "2026-02-23" + "percentile": 0.39253, + "date": "2026-03-09" } ], "cwes": [ @@ -2077,8 +2077,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ @@ -2152,8 +2152,8 @@ { "cve": "CVE-2025-27113", "epss": 0.00217, - "percentile": 0.44044, - "date": "2026-02-23" + "percentile": 0.43951, + "date": "2026-03-09" } ], "cwes": [ @@ -2232,7 +2232,7 @@ "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", + "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior. This bug does not compromise the integrity or availability of the base system.", "cvss": [ { "type": "Secondary", @@ -2250,8 +2250,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ @@ -2346,8 +2346,8 @@ { "cve": "CVE-2025-1632", "epss": 0.00198, - "percentile": 0.41846, - "date": "2026-02-23" + "percentile": 0.41718, + "date": "2026-03-09" } ], "cwes": [ @@ -2427,20 +2427,20 @@ }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2025-60753", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -2448,17 +2448,23 @@ ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], @@ -2467,57 +2473,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.04305 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2025-60753", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", + "https://github.com/libarchive/libarchive/issues/2725" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2025-60753", + "epss": 0.00082, + "percentile": 0.23988, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-60753", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + }, + { + "cve": "CVE-2025-60753", + "cwe": "CWE-835", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -2533,21 +2534,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-7.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2025-60753", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "019f13958fa4dc68", - "name": "openssl", - "version": "1:3.5.1-7.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -2561,56 +2562,56 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2024-13176", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "id": "CVE-2026-1489", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -2618,65 +2619,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.047355 + "risk": 0.03796 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-13176", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", + "id": "CVE-2026-1489", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", - "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", - "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", - "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", - "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", - "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", - "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", - "https://openssl-library.org/news/secadv/20250120.txt", - "http://www.openwall.com/lists/oss-security/2025/01/20/2", - "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", - "https://security.netapp.com/advisory/ntap-20250124-0005/", - "https://security.netapp.com/advisory/ntap-20250418-0010/", - "https://security.netapp.com/advisory/ntap-20250502-0006/" + "https://access.redhat.com/security/cve/CVE-2026-1489", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" ], - "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", + "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "secalert@redhat.com", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 4.1, - "exploitabilityScore": 0.7, - "impactScore": 3.4 + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-13176", - "epss": 0.00123, - "percentile": 0.31599, - "date": "2026-02-23" + "cve": "CVE-2026-1489", + "epss": 0.00073, + "percentile": 0.21937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-13176", - "cwe": "CWE-385", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-1489", + "cwe": "CWE-787", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -2684,21 +2674,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-7.el9_7" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-13176", + "vulnerabilityID": "CVE-2026-1489", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "15b6910272a6e502", - "name": "openssl-libs", - "version": "1:3.5.1-7.el9_7", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -2712,28 +2702,17 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-7.el9_7" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } @@ -2763,8 +2742,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -2813,8 +2792,8 @@ { "cve": "CVE-2023-45322", "epss": 0.00076, - "percentile": 0.22767, - "date": "2026-02-23" + "percentile": 0.22635, + "date": "2026-03-09" } ], "cwes": [ @@ -2882,38 +2861,38 @@ }, { "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ], @@ -2922,46 +2901,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.032785 + "risk": 0.03358 }, "relatedVulnerabilities": [ { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", + "id": "CVE-2026-1484", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" + "https://access.redhat.com/security/cve/CVE-2026-1484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", + "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", "cvss": [ { - "source": "nvd@nist.gov", + "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.2, + "exploitabilityScore": 1.7, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" + "cve": "CVE-2026-1484", + "epss": 0.00073, + "percentile": 0.22032, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", + "cve": "CVE-2026-1484", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Primary" } ] @@ -2977,161 +2956,21 @@ "version": "9.7" }, "package": { - "name": "pcre2", - "version": "0:10.40-6.el9" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2022-41409", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "d52857c4436af57f", - "name": "pcre2", - "version": "10.40-6.el9", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "BSD" - ], - "cpes": [ - "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2022-41409", - "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.032785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2022-41409", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", - "https://github.com/PCRE2Project/pcre2/issues/141" - ], - "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2022-41409", - "epss": 0.00079, - "percentile": 0.23459, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2022-41409", - "cwe": "CWE-190", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "pcre2", - "version": "10.40-6.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2022-41409", + "vulnerabilityID": "CVE-2026-1484", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "79b3a388130aa9b9", - "name": "pcre2-syntax", - "version": "10.40-6.el9", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -3145,25 +2984,14 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", - "upstreams": [ - { - "name": "pcre2", - "version": "10.40-6.el9" - } + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3196,8 +3024,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -3244,8 +3072,8 @@ { "cve": "CVE-2026-0990", "epss": 0.00058, - "percentile": 0.18106, - "date": "2026-02-23" + "percentile": 0.17831, + "date": "2026-03-09" } ], "cwes": [ @@ -3336,8 +3164,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ @@ -3384,8 +3212,8 @@ { "cve": "CVE-2025-14512", "epss": 0.00054, - "percentile": 0.16784, - "date": "2026-02-23" + "percentile": 0.16527, + "date": "2026-03-09" } ], "cwes": [ @@ -3453,20 +3281,20 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3474,18 +3302,18 @@ ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -3493,49 +3321,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.026255000000000007 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3550,21 +3387,21 @@ "version": "9.7" }, "package": { - "name": "libtasn1", - "version": "0:4.16.0-9.el9" + "name": "openssl", + "version": "1:3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-13151", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3761cee678a57b02", - "name": "libtasn1", - "version": "4.16.0-9.el9", + "id": "019f13958fa4dc68", + "name": "openssl", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -3578,37 +3415,37 @@ ], "language": "", "licenses": [ - "GPLv3+ and LGPLv2+" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2023-50495", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", - "namespace": "redhat:distro:redhat:9", + "id": "CVE-2024-13176", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-13176", + "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3616,10 +3453,18 @@ ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -3627,42 +3472,58 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.024225 + "risk": 0.028104999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-50495", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", + "id": "CVE-2024-13176", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-13176", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", - "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", - "https://security.netapp.com/advisory/ntap-20240119-0008/", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" + "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844", + "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467", + "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902", + "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65", + "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f", + "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded", + "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86", + "https://openssl-library.org/news/secadv/20250120.txt", + "http://www.openwall.com/lists/oss-security/2025/01/20/2", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html", + "https://security.netapp.com/advisory/ntap-20250124-0005/", + "https://security.netapp.com/advisory/ntap-20250418-0010/", + "https://security.netapp.com/advisory/ntap-20250502-0006/" ], - "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", + "description": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 2.9, - "impactScore": 3.6 + "baseScore": 4.1, + "exploitabilityScore": 0.7, + "impactScore": 3.4 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-50495", - "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "cve": "CVE-2024-13176", + "epss": 0.00073, + "percentile": 0.22029, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-13176", + "cwe": "CWE-385", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -3677,21 +3538,21 @@ "version": "9.7" }, "package": { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "openssl", + "version": "3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-50495", + "vulnerabilityID": "CVE-2024-13176", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cb11b32d6ce6627c", - "name": "ncurses-base", - "version": "6.2-12.20210508.el9", + "id": "15b6910272a6e502", + "name": "openssl-libs", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -3705,25 +3566,307 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", "upstreams": [ { - "name": "ncurses", - "version": "6.2-12.20210508.el9" + "name": "openssl", + "version": "3.5.1-7.el9_7" + } + ], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": 1, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2026-0988", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.027804999999999996 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-0988", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "namespace": "nvd:cpe", + "severity": "Low", + "urls": [ + "https://access.redhat.com/security/cve/CVE-2026-0988", + "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + ], + "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-0988", + "epss": 0.00083, + "percentile": 0.24128, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-0988", + "cwe": "CWE-190", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2026-0988", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "LGPLv2+" + ], + "cpes": [ + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "upstreams": [], + "metadataType": "RpmMetadata", + "metadata": { + "epoch": null, + "modularityLabel": "" + } + } + }, + { + "vulnerability": { + "id": "CVE-2025-13151", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-13151", + "namespace": "redhat:distro:redhat:9", + "severity": "Low", + "urls": [], + "description": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.", + "cvss": [ + { + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.026255000000000007 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" + ], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "rpm-matcher", + "searchedBy": { + "distro": { + "type": "redhat", + "version": "9.7" + }, + "package": { + "name": "libtasn1", + "version": "0:4.16.0-9.el9" + }, + "namespace": "redhat:distro:redhat:9" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" } + } + ], + "artifact": { + "id": "3761cee678a57b02", + "name": "libtasn1", + "version": "4.16.0-9.el9", + "type": "rpm", + "locations": [ + { + "path": "/var/lib/rpm/rpmdb.sqlite", + "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", + "accessPath": "/var/lib/rpm/rpmdb.sqlite", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [ + "GPLv3+ and LGPLv2+" ], + "cpes": [ + "cpe:2.3:a:libtasn1:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libtasn1:4.16.0-9.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/libtasn1@4.16.0-9.el9?arch=x86_64&distro=rhel-9.7&upstream=libtasn1-4.16.0-9.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -3756,8 +3899,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -3799,8 +3942,8 @@ { "cve": "CVE-2023-50495", "epss": 0.00051, - "percentile": 0.15794, - "date": "2026-02-23" + "percentile": 0.15511, + "date": "2026-03-09" } ] } @@ -3827,8 +3970,8 @@ } ], "artifact": { - "id": "9dc1b34cdde2c695", - "name": "ncurses-libs", + "id": "cb11b32d6ce6627c", + "name": "ncurses-base", "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ @@ -3846,16 +3989,16 @@ "MIT" ], "cpes": [ - "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_base:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-base:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_base:6.2-12.20210508.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "purl": "pkg:rpm/redhat/ncurses-base@6.2-12.20210508.el9?arch=noarch&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", "upstreams": [ { "name": "ncurses", @@ -3871,39 +4014,31 @@ }, { "vulnerability": { - "id": "CVE-2026-1489", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1489", + "id": "CVE-2023-50495", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-50495", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, + "baseScore": 6.5, "exploitabilityScore": 2.9, - "impactScore": 2.6 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15511, + "date": "2026-03-09" } ], "fix": { @@ -3911,54 +4046,49 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0234 + "risk": 0.024225 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1489", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1489", + "id": "CVE-2023-50495", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-50495", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1489", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433348" + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html", + "https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html", + "https://security.netapp.com/advisory/ntap-20240119-0008/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/" ], - "description": "A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processing specially crafted and extremely large Unicode strings, an attacker could trigger an undersized memory allocation, resulting in out-of-bounds writes. This could cause applications utilizing GLib for string conversion to crash or become unstable.", + "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.4, + "baseScore": 6.5, "exploitabilityScore": 2.9, - "impactScore": 2.6 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1489", - "epss": 0.00045, - "percentile": 0.1375, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-1489", - "cwe": "CWE-787", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2023-50495", + "epss": 0.00051, + "percentile": 0.15511, + "date": "2026-03-09" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -3966,21 +4096,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "ncurses", + "version": "6.2-12.20210508.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1489", + "vulnerabilityID": "CVE-2023-50495", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "9dc1b34cdde2c695", + "name": "ncurses-libs", + "version": "6.2-12.20210508.el9", "type": "rpm", "locations": [ { @@ -3994,14 +4124,25 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:ncurses-libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses-libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses_libs:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:ncurses:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses-libs:6.2-12.20210508.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:ncurses_libs:6.2-12.20210508.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/ncurses-libs@6.2-12.20210508.el9?arch=x86_64&distro=rhel-9.7&upstream=ncurses-6.2-12.20210508.el9.src.rpm", + "upstreams": [ + { + "name": "ncurses", + "version": "6.2-12.20210508.el9" + } ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4034,8 +4175,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -4095,8 +4236,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -4192,8 +4333,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -4253,8 +4394,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -4327,38 +4468,38 @@ }, { "vulnerability": { - "id": "CVE-2026-1484", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1484", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ], @@ -4367,46 +4508,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0207 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1484", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1484", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1484", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433259" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculation, the library may miscalculate buffer boundaries. This can cause memory writes outside the allocated buffer. Applications that process untrusted or extremely large Base64 input using GLib may crash or behave unpredictably.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.2, - "exploitabilityScore": 1.7, - "impactScore": 2.6 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1484", - "epss": 0.00045, - "percentile": 0.13845, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1484", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -4422,21 +4563,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "pcre2", + "version": "0:10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1484", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "d52857c4436af57f", + "name": "pcre2", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4450,13 +4591,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:pcre2:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2:10.40-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/pcre2@10.40-6.el9?arch=x86_64&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4467,39 +4608,39 @@ }, { "vulnerability": { - "id": "CVE-2025-5915", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://access.redhat.com/security/cve/CVE-2022-41409", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -4507,68 +4648,54 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.02064 + "risk": 0.019090000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5915", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", + "id": "CVE-2022-41409", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2022-41409", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5915", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", - "https://github.com/libarchive/libarchive/pull/2599", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35", + "https://github.com/PCRE2Project/pcre2/issues/141" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", + "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, { "source": "nvd@nist.gov", - "type": "Secondary", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.6, - "exploitabilityScore": 1.4, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5915", - "epss": 0.00043, - "percentile": 0.13079, - "date": "2026-02-23" + "cve": "CVE-2022-41409", + "epss": 0.00046, + "percentile": 0.13863, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5915", - "cwe": "CWE-122", - "source": "secalert@redhat.com", - "type": "Secondary" + "cve": "CVE-2022-41409", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -4576,21 +4703,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "pcre2", + "version": "10.40-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5915", + "vulnerabilityID": "CVE-2022-41409", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "79b3a388130aa9b9", + "name": "pcre2-syntax", + "version": "10.40-6.el9", "type": "rpm", "locations": [ { @@ -4607,11 +4734,22 @@ "BSD" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:pcre2-syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2-syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2_syntax:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2-syntax:10.40-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:pcre2:pcre2_syntax:10.40-6.el9:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/pcre2-syntax@10.40-6.el9?arch=noarch&distro=rhel-9.7&upstream=pcre2-10.40-6.el9.src.rpm", + "upstreams": [ + { + "name": "pcre2", + "version": "10.40-6.el9" + } ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -4643,9 +4781,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4653,7 +4791,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -4661,7 +4799,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019055 }, "relatedVulnerabilities": [ { @@ -4670,6 +4808,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-14831", "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], @@ -4677,7 +4816,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4691,9 +4830,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4701,7 +4840,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4761,39 +4900,39 @@ }, { "vulnerability": { - "id": "CVE-2026-0988", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5915", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -4801,47 +4940,61 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.018424999999999997 + "risk": 0.01728 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-0988", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0988", + "id": "CVE-2025-5915", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5915", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-0988", - "https://bugzilla.redhat.com/show_bug.cgi?id=2429886" + "https://access.redhat.com/security/cve/CVE-2025-5915", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370865", + "https://github.com/libarchive/libarchive/pull/2599", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).", + "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "cvss": [ { "source": "secalert@redhat.com", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-0988", - "epss": 0.00055, - "percentile": 0.17374, - "date": "2026-02-23" + "cve": "CVE-2025-5915", + "epss": 0.00036, + "percentile": 0.10298, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-0988", - "cwe": "CWE-190", + "cve": "CVE-2025-5915", + "cwe": "CWE-122", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4856,21 +5009,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-0988", + "vulnerabilityID": "CVE-2025-5915", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -4884,13 +5037,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -4901,44 +5054,38 @@ }, { "vulnerability": { - "id": "CVE-2025-60753", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -4947,52 +5094,46 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.017325 + "risk": 0.014739999999999998 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-60753", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-60753", + "id": "CVE-2025-7039", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753", - "https://github.com/libarchive/libarchive/issues/2725" + "https://access.redhat.com/security/cve/CVE-2025-7039", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" ], - "description": "An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).", + "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 3.7, + "exploitabilityScore": 2.3, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-60753", - "epss": 0.00033, - "percentile": 0.09595, - "date": "2026-02-23" + "cve": "CVE-2025-7039", + "epss": 0.00044, + "percentile": 0.13117, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-60753", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - }, - { - "cve": "CVE-2025-60753", - "cwe": "CWE-835", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-7039", + "cwe": "CWE-22", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5008,21 +5149,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-60753", + "vulnerabilityID": "CVE-2025-7039", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -5036,13 +5177,13 @@ ], "language": "", "licenses": [ - "BSD" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5053,37 +5194,37 @@ }, { "vulnerability": { - "id": "CVE-2025-7039", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-7039", + "id": "CVE-2025-5918", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5093,45 +5234,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.014739999999999998 + "risk": 0.01449 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-7039", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-7039", + "id": "CVE-2025-5918", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-7039", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392423" + "https://access.redhat.com/security/cve/CVE-2025-5918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", + "https://github.com/libarchive/libarchive/pull/2584", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations.", + "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 6.6, + "exploitabilityScore": 1.4, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 3.7, - "exploitabilityScore": 2.3, - "impactScore": 1.5 + "baseScore": 3.9, + "exploitabilityScore": 1.4, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-7039", - "epss": 0.00044, - "percentile": 0.13424, - "date": "2026-02-23" + "cve": "CVE-2025-5918", + "epss": 0.00042, + "percentile": 0.12557, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-7039", - "cwe": "CWE-22", + "cve": "CVE-2025-5918", + "cwe": "CWE-125", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5148,21 +5303,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-7039", + "vulnerabilityID": "CVE-2025-5918", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5176,13 +5331,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "BSD" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5216,8 +5371,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -5270,8 +5425,8 @@ { "cve": "CVE-2025-5278", "epss": 0.00029, - "percentile": 0.08348, - "date": "2026-02-23" + "percentile": 0.08073, + "date": "2026-03-09" } ], "cwes": [ @@ -5350,12 +5505,12 @@ }, { "vulnerability": { - "id": "CVE-2025-5918", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", @@ -5371,16 +5526,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5394,27 +5549,27 @@ }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5918", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5918", + "id": "CVE-2025-5916", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5918", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", - "https://github.com/libarchive/libarchive/pull/2584", + "https://access.redhat.com/security/cve/CVE-2025-5916", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", + "https://github.com/libarchive/libarchive/pull/2568", "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.6, + "baseScore": 5.6, "exploitabilityScore": 1.4, - "impactScore": 5.2 + "impactScore": 4.3 }, "vendorMetadata": {} }, @@ -5433,16 +5588,16 @@ ], "epss": [ { - "cve": "CVE-2025-5918", + "cve": "CVE-2025-5916", "epss": 0.00038, - "percentile": 0.11328, - "date": "2026-02-23" + "percentile": 0.11014, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5918", - "cwe": "CWE-125", + "cve": "CVE-2025-5916", + "cwe": "CWE-190", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5465,7 +5620,7 @@ "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5918", + "vulnerabilityID": "CVE-2025-5916", "versionConstraint": "none (unknown)" } } @@ -5504,20 +5659,20 @@ }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -5525,17 +5680,17 @@ ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ], @@ -5544,51 +5699,60 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.012759999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2025-5917", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://access.redhat.com/security/cve/CVE-2025-5917", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", + "https://github.com/libarchive/libarchive/pull/2588", + "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, + "baseScore": 5, + "exploitabilityScore": 1.4, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.8, + "exploitabilityScore": 1.4, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2025-5917", + "epss": 0.00044, + "percentile": 0.13075, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-5917", + "cwe": "CWE-787", + "source": "secalert@redhat.com", "type": "Secondary" } ] @@ -5604,21 +5768,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "1:3.5.1-7.el9_7" + "name": "libarchive", + "version": "0:3.5.3-6.el9_6" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2025-5917", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "019f13958fa4dc68", - "name": "openssl", - "version": "1:3.5.1-7.el9_7", + "id": "df491715ef44a4eb", + "name": "libarchive", + "version": "3.5.3-6.el9_6", "type": "rpm", "locations": [ { @@ -5632,55 +5796,61 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "BSD" ], "cpes": [ - "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 6.8, + "exploitabilityScore": 2.6, + "impactScore": 4.3 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ], @@ -5689,51 +5859,53 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011895 + "risk": 0.0118 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", + "id": "CVE-2026-22185", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" + "https://bugs.openldap.org/show_bug.cgi?id=10421", + "https://seclists.org/fulldisclosure/2026/Jan/5", + "https://seclists.org/fulldisclosure/2026/Jan/8", + "https://www.openldap.org/", + "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "disclosure@vulncheck.com", "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "4.0", + "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 4.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" + "cve": "CVE-2026-22185", + "epss": 0.0002, + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9232", + "cve": "CVE-2026-22185", "cwe": "CWE-125", - "source": "openssl-security@openssl.org", + "source": "disclosure@vulncheck.com", + "type": "Secondary" + }, + { + "cve": "CVE-2026-22185", + "cwe": "CWE-191", + "source": "disclosure@vulncheck.com", "type": "Secondary" } ] @@ -5741,7 +5913,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -5749,21 +5921,21 @@ "version": "9.7" }, "package": { - "name": "openssl", - "version": "3.5.1-7.el9_7" + "name": "openldap", + "version": "0:2.6.8-4.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-9232", + "vulnerabilityID": "CVE-2026-22185", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "15b6910272a6e502", - "name": "openssl-libs", - "version": "1:3.5.1-7.el9_7", + "id": "88f70f8a830c0797", + "name": "openldap", + "version": "2.6.8-4.el9", "type": "rpm", "locations": [ { @@ -5777,48 +5949,37 @@ ], "language": "", "licenses": [ - "Apache-2.0" + "OLDAP-2.8" ], "cpes": [ - "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", - "upstreams": [ - { - "name": "openssl", - "version": "3.5.1-7.el9_7" - } + "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": 1, + "epoch": null, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-22185", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was found in OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load. When processing malformed input, a local attacker can exploit a heap buffer underflow vulnerability in the readline() function. This can lead to an out-of-bounds read, potentially causing a denial of service (DoS) and limited disclosure of heap memory contents.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 2.6, + "baseScore": 6.1, + "exploitabilityScore": 1.9, "impactScore": 4.3 }, "vendorMetadata": {} @@ -5826,24 +5987,24 @@ ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -5851,54 +6012,65 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0118 + "risk": 0.01092 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22185", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22185", + "id": "CVE-2023-4156", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://bugs.openldap.org/show_bug.cgi?id=10421", - "https://seclists.org/fulldisclosure/2026/Jan/5", - "https://seclists.org/fulldisclosure/2026/Jan/8", - "https://www.openldap.org/", - "https://www.vulncheck.com/advisories/openldap-lmdb-mdb-load-heap-buffer-underflow-in-readline" + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" ], - "description": "OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition.", + "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "cvss": [ { - "source": "disclosure@vulncheck.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "metrics": { + "baseScore": 7.1, + "exploitabilityScore": 1.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + }, + { + "source": "secalert@redhat.com", "type": "Secondary", - "version": "4.0", - "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "metrics": { - "baseScore": 4.6 + "baseScore": 4.4, + "exploitabilityScore": 1.9, + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22185", - "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "cve": "CVE-2023-4156", + "epss": 0.00024, + "percentile": 0.06199, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22185", + "cve": "CVE-2023-4156", "cwe": "CWE-125", - "source": "disclosure@vulncheck.com", + "source": "secalert@redhat.com", "type": "Secondary" }, { - "cve": "CVE-2026-22185", - "cwe": "CWE-191", - "source": "disclosure@vulncheck.com", - "type": "Secondary" + "cve": "CVE-2023-4156", + "cwe": "CWE-125", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -5913,21 +6085,21 @@ "version": "9.7" }, "package": { - "name": "openldap", - "version": "0:2.6.8-4.el9" + "name": "gawk", + "version": "0:5.1.0-6.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-22185", + "vulnerabilityID": "CVE-2023-4156", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "88f70f8a830c0797", - "name": "openldap", - "version": "2.6.8-4.el9", + "id": "9dcf052ea12fdad7", + "name": "gawk", + "version": "5.1.0-6.el9", "type": "rpm", "locations": [ { @@ -5941,13 +6113,13 @@ ], "language": "", "licenses": [ - "OLDAP-2.8" + "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" ], "cpes": [ - "cpe:2.3:a:openldap:openldap:2.6.8-4.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:openldap:2.6.8-4.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/openldap@2.6.8-4.el9?arch=x86_64&distro=rhel-9.7&upstream=openldap-2.6.8-4.el9.src.rpm", + "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -5958,37 +6130,37 @@ }, { "vulnerability": { - "id": "CVE-2025-5916", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", "namespace": "redhat:distro:redhat:9", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -5998,59 +6170,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01173 + "risk": 0.01008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5916", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5916", + "id": "CVE-2026-1757", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5916", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", - "https://github.com/libarchive/libarchive/pull/2568", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://access.redhat.com/security/cve/CVE-2026-1757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", - "metrics": { - "baseScore": 5.6, - "exploitabilityScore": 1.4, - "impactScore": 4.3 - }, - "vendorMetadata": {} - }, { "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.9, - "exploitabilityScore": 1.4, - "impactScore": 2.6 + "baseScore": 6.2, + "exploitabilityScore": 2.6, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-5916", - "epss": 0.00034, - "percentile": 0.09882, - "date": "2026-02-23" + "cve": "CVE-2026-1757", + "epss": 0.00018, + "percentile": 0.04164, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5916", - "cwe": "CWE-190", + "cve": "CVE-2026-1757", + "cwe": "CWE-401", "source": "secalert@redhat.com", "type": "Secondary" } @@ -6067,21 +6225,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5916", + "vulnerabilityID": "CVE-2026-1757", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -6095,13 +6253,13 @@ ], "language": "", "licenses": [ - "BSD" + "MIT" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6112,20 +6270,20 @@ }, { "vulnerability": { - "id": "CVE-2025-5917", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-5917", + "id": "CVE-2025-30258", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.7, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6133,17 +6291,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ], @@ -6152,42 +6310,41 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.011309999999999999 + "risk": 0.007125000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-5917", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-5917", + "id": "CVE-2025-30258", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-5917", - "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", - "https://github.com/libarchive/libarchive/pull/2588", - "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" ], - "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", + "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5, - "exploitabilityScore": 1.4, + "baseScore": 4.7, + "exploitabilityScore": 1.1, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "secalert@redhat.com", + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.7, + "exploitabilityScore": 1.1, "impactScore": 1.5 }, "vendorMetadata": {} @@ -6195,17 +6352,17 @@ ], "epss": [ { - "cve": "CVE-2025-5917", - "epss": 0.00039, - "percentile": 0.11798, - "date": "2026-02-23" + "cve": "CVE-2025-30258", + "epss": 0.00025, + "percentile": 0.06354, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-5917", - "cwe": "CWE-787", - "source": "secalert@redhat.com", + "cve": "CVE-2025-30258", + "cwe": "CWE-754", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -6221,21 +6378,21 @@ "version": "9.7" }, "package": { - "name": "libarchive", - "version": "0:3.5.3-6.el9_6" + "name": "gnupg2", + "version": "0:2.3.3-5.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-5917", + "vulnerabilityID": "CVE-2025-30258", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "df491715ef44a4eb", - "name": "libarchive", - "version": "3.5.3-6.el9_6", + "id": "6612ed205a98e91d", + "name": "gnupg2", + "version": "2.3.3-5.el9_7", "type": "rpm", "locations": [ { @@ -6249,13 +6406,13 @@ ], "language": "", "licenses": [ - "BSD" + "GPLv3+" ], "cpes": [ - "cpe:2.3:a:libarchive:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libarchive:3.5.3-6.el9_6:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libarchive@3.5.3-6.el9_6?arch=x86_64&distro=rhel-9.7&upstream=libarchive-3.5.3-6.el9_6.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -6266,45 +6423,39 @@ }, { "vulnerability": { - "id": "CVE-2023-4156", - "dataSource": "https://access.redhat.com/security/cve/CVE-2023-4156", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.9, - "impactScore": 4.3 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -6312,65 +6463,52 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.01092 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-4156", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2023-4156", - "https://bugzilla.redhat.com/show_bug.cgi?id=2215930" - ], - "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "metrics": { - "baseScore": 7.1, - "exploitabilityScore": 1.9, - "impactScore": 5.2 - }, - "vendorMetadata": {} - }, + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" + ], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", + "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.4, - "exploitabilityScore": 1.9, - "impactScore": 2.6 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-4156", - "epss": 0.00024, - "percentile": 0.06416, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-4156", + "cve": "CVE-2025-9232", "cwe": "CWE-125", - "source": "secalert@redhat.com", + "source": "openssl-security@openssl.org", "type": "Secondary" - }, - { - "cve": "CVE-2023-4156", - "cwe": "CWE-125", - "source": "nvd@nist.gov", - "type": "Primary" } ] } @@ -6385,21 +6523,21 @@ "version": "9.7" }, "package": { - "name": "gawk", - "version": "0:5.1.0-6.el9" + "name": "openssl", + "version": "1:3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2023-4156", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9dcf052ea12fdad7", - "name": "gawk", - "version": "5.1.0-6.el9", + "id": "019f13958fa4dc68", + "name": "openssl", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -6413,56 +6551,56 @@ ], "language": "", "licenses": [ - "GPLv3+ and GPLv2+ and LGPLv2+ and BSD" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:redhat:gawk:5.1.0-6.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:gawk:gawk:5.1.0-6.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/gawk@5.1.0-6.el9?arch=x86_64&distro=rhel-9.7&upstream=gawk-5.1.0-6.el9.src.rpm", + "purl": "pkg:rpm/redhat/openssl@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2026-1757", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1757", + "id": "CVE-2025-9232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-9232", "namespace": "redhat:distro:redhat:9", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { @@ -6470,28 +6608,33 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.008960000000000001 + "risk": 0.0070149999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1757", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1757", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1757", - "https://bugzilla.redhat.com/show_bug.cgi?id=2435940" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 6.2, - "exploitabilityScore": 2.6, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} @@ -6499,25 +6642,25 @@ ], "epss": [ { - "cve": "CVE-2026-1757", - "epss": 0.00016, - "percentile": 0.03471, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1757", - "cwe": "CWE-401", - "source": "secalert@redhat.com", - "type": "Primary" + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6525,21 +6668,21 @@ "version": "9.7" }, "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" + "name": "openssl", + "version": "3.5.1-7.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1757", + "vulnerabilityID": "CVE-2025-9232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", + "id": "15b6910272a6e502", + "name": "openssl-libs", + "version": "1:3.5.1-7.el9_7", "type": "rpm", "locations": [ { @@ -6553,56 +6696,73 @@ ], "language": "", "licenses": [ - "MIT" + "Apache-2.0" ], "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:openssl-libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl-libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl_libs:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:openssl:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl-libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:openssl_libs:1\\:3.5.1-7.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/openssl-libs@3.5.1-7.el9_7?arch=x86_64&distro=rhel-9.7&epoch=1&upstream=openssl-3.5.1-7.el9_7.src.rpm", + "upstreams": [ + { + "name": "openssl", + "version": "3.5.1-7.el9_7" + } ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { - "epoch": null, + "epoch": 1, "modularityLabel": "" } } }, { "vulnerability": { - "id": "CVE-2025-30258", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -6610,67 +6770,74 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.007125000000000001 + "risk": 0.00693 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-30258", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "id": "CVE-2024-0232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://dev.gnupg.org/T7527", - "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", - "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html" + "https://access.redhat.com/security/cve/CVE-2024-0232", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", + "https://security.netapp.com/advisory/ntap-20240315-0007/" ], - "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} }, { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.7, + "baseScore": 4.7, "exploitabilityScore": 1.1, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-30258", - "epss": 0.00025, - "percentile": 0.06625, - "date": "2026-02-23" + "cve": "CVE-2024-0232", + "epss": 0.00018, + "percentile": 0.04243, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-30258", - "cwe": "CWE-754", - "source": "cve@mitre.org", + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "secalert@redhat.com", "type": "Secondary" + }, + { + "cve": "CVE-2024-0232", + "cwe": "CWE-416", + "source": "nvd@nist.gov", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6678,21 +6845,21 @@ "version": "9.7" }, "package": { - "name": "gnupg2", - "version": "0:2.3.3-5.el9_7" + "name": "sqlite", + "version": "3.34.1-9.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2025-30258", + "vulnerabilityID": "CVE-2024-0232", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6612ed205a98e91d", - "name": "gnupg2", - "version": "2.3.3-5.el9_7", + "id": "1bd197aae1b6fd3b", + "name": "sqlite-libs", + "version": "3.34.1-9.el9_7", "type": "rpm", "locations": [ { @@ -6706,14 +6873,25 @@ ], "language": "", "licenses": [ - "GPLv3+" + "Public Domain" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" + ], + "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", + "upstreams": [ + { + "name": "sqlite", + "version": "3.34.1-9.el9_7" + } ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", - "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6723,45 +6901,39 @@ }, { "vulnerability": { - "id": "CVE-2024-0232", - "dataSource": "https://access.redhat.com/security/cve/CVE-2024-0232", + "id": "CVE-2025-6170", + "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, + "baseScore": 2.5, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" } ], "fix": { @@ -6769,31 +6941,30 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00693 + "risk": 0.006875 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-0232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-0232", + "id": "CVE-2025-6170", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2024-0232", - "https://bugzilla.redhat.com/show_bug.cgi?id=2243754", - "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/", - "https://security.netapp.com/advisory/ntap-20240315-0007/" + "https://access.redhat.com/security/cve/CVE-2025-6170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" ], - "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", + "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -6801,42 +6972,36 @@ "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.7, + "baseScore": 2.5, "exploitabilityScore": 1.1, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-0232", - "epss": 0.00018, - "percentile": 0.04213, - "date": "2026-02-23" + "cve": "CVE-2025-6170", + "epss": 0.00025, + "percentile": 0.06308, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", + "cve": "CVE-2025-6170", + "cwe": "CWE-121", "source": "secalert@redhat.com", "type": "Secondary" - }, - { - "cve": "CVE-2024-0232", - "cwe": "CWE-416", - "source": "nvd@nist.gov", - "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "rpm-matcher", "searchedBy": { "distro": { @@ -6844,21 +7009,21 @@ "version": "9.7" }, "package": { - "name": "sqlite", - "version": "3.34.1-9.el9_7" + "name": "libxml2", + "version": "0:2.9.13-14.el9_7" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2024-0232", + "vulnerabilityID": "CVE-2025-6170", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "1bd197aae1b6fd3b", - "name": "sqlite-libs", - "version": "3.34.1-9.el9_7", + "id": "a840257087cebda4", + "name": "libxml2", + "version": "2.9.13-14.el9_7", "type": "rpm", "locations": [ { @@ -6872,25 +7037,14 @@ ], "language": "", "licenses": [ - "Public Domain" + "MIT" ], "cpes": [ - "cpe:2.3:a:sqlite-libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite-libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite_libs:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite-libs:3.34.1-9.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:sqlite:sqlite_libs:3.34.1-9.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/sqlite-libs@3.34.1-9.el9_7?arch=x86_64&distro=rhel-9.7&upstream=sqlite-3.34.1-9.el9_7.src.rpm", - "upstreams": [ - { - "name": "sqlite", - "version": "3.34.1-9.el9_7" - } + "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" ], + "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "upstreams": [], "metadataType": "RpmMetadata", "metadata": { "epoch": null, @@ -6923,8 +7077,8 @@ { "cve": "CVE-2026-0989", "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ @@ -6971,8 +7125,8 @@ { "cve": "CVE-2026-0989", "epss": 0.0002, - "percentile": 0.04911, - "date": "2026-02-23" + "percentile": 0.04896, + "date": "2026-03-09" } ], "cwes": [ @@ -7063,8 +7217,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ @@ -7129,8 +7283,8 @@ { "cve": "CVE-2023-30571", "epss": 0.00013, - "percentile": 0.02046, - "date": "2026-02-23" + "percentile": 0.02062, + "date": "2026-03-09" } ], "cwes": [ @@ -7227,8 +7381,8 @@ { "cve": "CVE-2026-0992", "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ @@ -7275,8 +7429,8 @@ { "cve": "CVE-2026-0992", "epss": 0.00022, - "percentile": 0.05556, - "date": "2026-02-23" + "percentile": 0.05567, + "date": "2026-03-09" } ], "cwes": [ @@ -7367,8 +7521,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ @@ -7437,8 +7591,8 @@ { "cve": "CVE-2022-3219", "epss": 0.00013, - "percentile": 0.02087, - "date": "2026-02-23" + "percentile": 0.02086, + "date": "2026-03-09" } ], "cwes": [ @@ -7498,163 +7652,10 @@ "GPLv3+" ], "cpes": [ - "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" - ], - "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", - "upstreams": [], - "metadataType": "RpmMetadata", - "metadata": { - "epoch": null, - "modularityLabel": "" - } - } - }, - { - "vulnerability": { - "id": "CVE-2025-6170", - "dataSource": "https://access.redhat.com/security/cve/CVE-2025-6170", - "namespace": "redhat:distro:redhat:9", - "severity": "Low", - "urls": [], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0055000000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-6170", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-6170", - "namespace": "nvd:cpe", - "severity": "Low", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-6170", - "https://bugzilla.redhat.com/show_bug.cgi?id=2372952", - "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html" - ], - "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-6170", - "epss": 0.0002, - "percentile": 0.05052, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-6170", - "cwe": "CWE-121", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "rpm-matcher", - "searchedBy": { - "distro": { - "type": "redhat", - "version": "9.7" - }, - "package": { - "name": "libxml2", - "version": "0:2.9.13-14.el9_7" - }, - "namespace": "redhat:distro:redhat:9" - }, - "found": { - "vulnerabilityID": "CVE-2025-6170", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "a840257087cebda4", - "name": "libxml2", - "version": "2.9.13-14.el9_7", - "type": "rpm", - "locations": [ - { - "path": "/var/lib/rpm/rpmdb.sqlite", - "layerID": "sha256:62e974319a8c6b87601ec5543c36bc17f9f54e585ddc61de1990249e8ebd7bf4", - "accessPath": "/var/lib/rpm/rpmdb.sqlite", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [ - "MIT" - ], - "cpes": [ - "cpe:2.3:a:libxml2:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*", - "cpe:2.3:a:redhat:libxml2:2.9.13-14.el9_7:*:*:*:*:*:*:*" + "cpe:2.3:a:gnupg2:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*", + "cpe:2.3:a:redhat:gnupg2:2.3.3-5.el9_7:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/libxml2@2.9.13-14.el9_7?arch=x86_64&distro=rhel-9.7&upstream=libxml2-2.9.13-14.el9_7.src.rpm", + "purl": "pkg:rpm/redhat/gnupg2@2.3.3-5.el9_7?arch=x86_64&distro=rhel-9.7&upstream=gnupg2-2.3.3-5.el9_7.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -7688,8 +7689,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -7748,8 +7749,8 @@ { "cve": "CVE-2025-66382", "epss": 0.00016, - "percentile": 0.03553, - "date": "2026-02-23" + "percentile": 0.03626, + "date": "2026-03-09" } ], "cwes": [ @@ -7839,9 +7840,9 @@ "epss": [ { "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ @@ -7857,7 +7858,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036849999999999995 + "risk": 0.0043549999999999995 }, "relatedVulnerabilities": [ { @@ -7899,9 +7900,9 @@ "epss": [ { "cve": "CVE-2026-24883", - "epss": 0.00011, - "percentile": 0.01314, - "date": "2026-02-23" + "epss": 0.00013, + "percentile": 0.01881, + "date": "2026-03-09" } ], "cwes": [ @@ -7991,9 +7992,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8001,7 +8002,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8009,7 +8010,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0034999999999999996 + "risk": 0.00385 }, "relatedVulnerabilities": [ { @@ -8018,6 +8019,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-9820", "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", @@ -8029,7 +8031,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8043,9 +8045,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8053,7 +8055,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8136,8 +8138,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -8185,8 +8187,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -8288,8 +8290,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -8337,8 +8339,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -8417,20 +8419,20 @@ }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8438,18 +8440,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { @@ -8457,43 +8459,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00177 + "risk": 0.00232 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2026-1485", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://access.redhat.com/security/cve/CVE-2026-1485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, + "baseScore": 2.8, + "exploitabilityScore": 1.4, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8501,18 +8488,18 @@ ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2026-1485", + "epss": 0.00008, + "percentile": 0.00641, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", - "type": "Secondary" + "cve": "CVE-2026-1485", + "cwe": "CWE-124", + "source": "secalert@redhat.com", + "type": "Primary" } ] } @@ -8527,21 +8514,21 @@ "version": "9.7" }, "package": { - "name": "zlib", - "version": "0:1.2.11-40.el9" + "name": "glib2", + "version": "0:2.68.4-18.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2026-1485", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "3b95a370d9cbeb72", - "name": "zlib", - "version": "1.2.11-40.el9", + "id": "30f092785d030af5", + "name": "glib2", + "version": "2.68.4-18.el9_7.1", "type": "rpm", "locations": [ { @@ -8555,13 +8542,13 @@ ], "language": "", "licenses": [ - "zlib and Boost" + "LGPLv2+" ], "cpes": [ - "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", - "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", + "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8594,9 +8581,9 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ @@ -8612,7 +8599,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0016350000000000002 + "risk": 0.0021800000000000005 }, "relatedVulnerabilities": [ { @@ -8655,9 +8642,9 @@ "epss": [ { "cve": "CVE-2025-68972", - "epss": 0.00003, - "percentile": 0.00102, - "date": "2026-02-23" + "epss": 0.00004, + "percentile": 0.00132, + "date": "2026-03-09" } ], "cwes": [ @@ -8725,12 +8712,12 @@ }, { "vulnerability": { - "id": "CVE-2026-24515", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", + "id": "CVE-2026-27171", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-27171", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "A flaw was found in zlib. An attacker providing specially crafted input to the `crc32_combine64` or `crc32_combine_gen64` functions could trigger an infinite loop within the `x2nmodp` function. This leads to excessive CPU consumption, which can result in a Denial of Service (DoS) for the affected system.", "cvss": [ { "type": "Secondary", @@ -8746,18 +8733,18 @@ ], "epss": [ { - "cve": "CVE-2026-24515", - "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", "source": "cve@mitre.org", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8765,28 +8752,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.001475 + "risk": 0.00177 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-24515", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://github.com/libexpat/libexpat/pull/1131" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.5, - "exploitabilityScore": 1.1, - "impactScore": 1.5 + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -8805,18 +8796,18 @@ ], "epss": [ { - "cve": "CVE-2026-24515", - "epss": 0.00005, - "percentile": 0.00188, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-24515", - "cwe": "CWE-476", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", "source": "cve@mitre.org", - "type": "Primary" + "type": "Secondary" } ] } @@ -8831,21 +8822,21 @@ "version": "9.7" }, "package": { - "name": "expat", - "version": "0:2.5.0-5.el9_7.1" + "name": "zlib", + "version": "0:1.2.11-40.el9" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-24515", + "vulnerabilityID": "CVE-2026-27171", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8d62d2fd9a412188", - "name": "expat", - "version": "2.5.0-5.el9_7.1", + "id": "3b95a370d9cbeb72", + "name": "zlib", + "version": "1.2.11-40.el9", "type": "rpm", "locations": [ { @@ -8859,13 +8850,13 @@ ], "language": "", "licenses": [ - "MIT" + "zlib and Boost" ], "cpes": [ - "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:zlib:1.2.11-40.el9:*:*:*:*:*:*:*", + "cpe:2.3:a:zlib:zlib:1.2.11-40.el9:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/zlib@1.2.11-40.el9?arch=x86_64&distro=rhel-9.7&upstream=zlib-1.2.11-40.el9.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -8876,20 +8867,20 @@ }, { "vulnerability": { - "id": "CVE-2026-1485", - "dataSource": "https://access.redhat.com/security/cve/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://access.redhat.com/security/cve/CVE-2026-24515", "namespace": "redhat:distro:redhat:9", "severity": "Low", "urls": [], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8897,17 +8888,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ], @@ -8916,28 +8907,39 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00145 + "risk": 0.001475 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-1485", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-1485", + "id": "CVE-2026-24515", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515", "namespace": "nvd:cpe", "severity": "Low", "urls": [ - "https://access.redhat.com/security/cve/CVE-2026-1485", - "https://bugzilla.redhat.com/show_bug.cgi?id=2433325" + "https://github.com/libexpat/libexpat/pull/1131" ], - "description": "A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.", + "description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.5, + "exploitabilityScore": 1.1, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 2.8, - "exploitabilityScore": 1.4, + "baseScore": 2.9, + "exploitabilityScore": 1.5, "impactScore": 1.5 }, "vendorMetadata": {} @@ -8945,17 +8947,17 @@ ], "epss": [ { - "cve": "CVE-2026-1485", + "cve": "CVE-2026-24515", "epss": 0.00005, - "percentile": 0.00255, - "date": "2026-02-23" + "percentile": 0.00246, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-1485", - "cwe": "CWE-124", - "source": "secalert@redhat.com", + "cve": "CVE-2026-24515", + "cwe": "CWE-476", + "source": "cve@mitre.org", "type": "Primary" } ] @@ -8971,21 +8973,21 @@ "version": "9.7" }, "package": { - "name": "glib2", - "version": "0:2.68.4-18.el9_7.1" + "name": "expat", + "version": "0:2.5.0-5.el9_7.1" }, "namespace": "redhat:distro:redhat:9" }, "found": { - "vulnerabilityID": "CVE-2026-1485", + "vulnerabilityID": "CVE-2026-24515", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "30f092785d030af5", - "name": "glib2", - "version": "2.68.4-18.el9_7.1", + "id": "8d62d2fd9a412188", + "name": "expat", + "version": "2.5.0-5.el9_7.1", "type": "rpm", "locations": [ { @@ -8999,13 +9001,13 @@ ], "language": "", "licenses": [ - "LGPLv2+" + "MIT" ], "cpes": [ - "cpe:2.3:a:redhat:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*", - "cpe:2.3:a:glib2:glib2:2.68.4-18.el9_7.1:*:*:*:*:*:*:*" + "cpe:2.3:a:redhat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*", + "cpe:2.3:a:expat:expat:2.5.0-5.el9_7.1:*:*:*:*:*:*:*" ], - "purl": "pkg:rpm/redhat/glib2@2.68.4-18.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=glib2-2.68.4-18.el9_7.1.src.rpm", + "purl": "pkg:rpm/redhat/expat@2.5.0-5.el9_7.1?arch=x86_64&distro=rhel-9.7&upstream=expat-2.5.0-5.el9_7.1.src.rpm", "upstreams": [], "metadataType": "RpmMetadata", "metadata": { @@ -9436,7 +9438,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -9615,107 +9617,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/agent/grype-26.2.4.md b/docs/security/agent/grype-26.2.4.md index c33f61e..b90f8da 100644 --- a/docs/security/agent/grype-26.2.4.md +++ b/docs/security/agent/grype-26.2.4.md @@ -6,12 +6,12 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2025-14087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14087) | Medium | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | -| glib2 | 2.68.4-18.el9_7.1 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | +| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1489) | Medium | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1484) | Medium | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0990) | Medium | +| glib2 | 2.68.4-18.el9_7.1 | [CVE-2025-14512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14512) | Medium | | gnutls | 3.8.3-9.el9 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | -| libarchive | 3.5.3-6.el9_6 | [CVE-2025-60753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60753) | Medium | | coreutils-single | 8.32-39.el9 | [CVE-2025-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5278) | Medium | | openldap | 2.6.8-4.el9 | [CVE-2026-22185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22185) | Medium | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-1757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1757) | Medium | @@ -35,35 +35,35 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | glib2 | 2.68.4-18.el9_7.1 | [CVE-2023-32636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32636) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2025-27113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27113) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-1632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1632) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | | openssl | 1:3.5.1-7.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | | openssl-libs | 1:3.5.1-7.el9_7 | [CVE-2024-13176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2023-45322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45322) | Low | -| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | -| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | libtasn1 | 4.16.0-9.el9 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | Low | | ncurses-base | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | ncurses-libs | 6.2-12.20210508.el9 | [CVE-2023-50495](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50495) | Low | | libgcc | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | | libstdc++ | 11.5.0-11.el9 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Low | +| pcre2 | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | +| pcre2-syntax | 10.40-6.el9 | [CVE-2022-41409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41409) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5915) | Low | -| glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-0988](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0988) | Low | | glib2 | 2.68.4-18.el9_7.1 | [CVE-2025-7039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7039) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918) | Low | -| openssl | 1:3.5.1-7.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | -| openssl-libs | 1:3.5.1-7.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916) | Low | | libarchive | 3.5.3-6.el9_6 | [CVE-2025-5917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917) | Low | | gawk | 5.1.0-6.el9 | [CVE-2023-4156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4156) | Low | | gnupg2 | 2.3.3-5.el9_7 | [CVE-2025-30258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30258) | Low | +| openssl | 1:3.5.1-7.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | +| openssl-libs | 1:3.5.1-7.el9_7 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Low | | sqlite-libs | 3.34.1-9.el9_7 | [CVE-2024-0232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0232) | Low | +| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0989) | Low | | libxml2 | 2.9.13-14.el9_7 | [CVE-2026-0992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0992) | Low | | gnupg2 | 2.3.3-5.el9_7 | [CVE-2022-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219) | Low | -| libxml2 | 2.9.13-14.el9_7 | [CVE-2025-6170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6170) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2025-66382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66382) | Low | | gnupg2 | 2.3.3-5.el9_7 | [CVE-2026-24883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24883) | Low | | gnutls | 3.8.3-9.el9 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Low | +| glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | zlib | 1.2.11-40.el9 | [CVE-2026-27171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27171) | Low | | expat | 2.5.0-5.el9_7.1 | [CVE-2026-24515](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24515) | Low | -| glib2 | 2.68.4-18.el9_7.1 | [CVE-2026-1485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1485) | Low | | lz4-libs | 1.9.3-5.el9 | [CVE-2025-62813](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-62813) | Unknown | diff --git a/docs/security/oss/grype-4.0.14.json b/docs/security/oss/grype-4.0.14.json index 47a8432..d431e02 100644 --- a/docs/security/oss/grype-4.0.14.json +++ b/docs/security/oss/grype-4.0.14.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -196,7 +196,7 @@ "namespace": "debian:distro:debian:12", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -214,9 +214,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -246,7 +246,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -261,9 +261,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -281,9 +282,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -382,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -517,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -582,100 +583,105 @@ }, { "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -691,63 +697,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -755,27 +790,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -787,7 +823,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -798,10 +834,18 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -822,7 +866,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -866,90 +910,101 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08345000000000001 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -964,87 +1019,63 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ], "fix": { @@ -1052,28 +1083,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.08785 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1085,7 +1115,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1096,18 +1126,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -1128,7 +1150,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -1172,25 +1194,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1200,25 +1222,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1230,7 +1255,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1241,16 +1266,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1267,50 +1292,60 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } @@ -1328,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1388,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1424,15 +1459,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1441,9 +1476,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1464,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1524,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1560,15 +1604,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1577,14 +1621,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1605,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1665,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1701,13 +1740,154 @@ } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { @@ -1754,8 +1934,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1815,8 +1995,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1907,8 +2087,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1968,8 +2148,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -2060,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ], "fix": { @@ -2104,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ] } @@ -2161,16 +2341,16 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2183,16 +2363,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2216,24 +2396,36 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.0525 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -2249,16 +2441,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2281,7 +2473,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { @@ -2340,50 +2532,229 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75428, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0452 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", "https://security.netapp.com/advisory/ntap-20250306-0009/" ], "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", @@ -2405,8 +2776,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "percentile": 0.75428, + "date": "2026-03-09" } ], "cwes": [ @@ -2494,8 +2865,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2544,8 +2915,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2610,106 +2981,87 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.044250000000000005 + "advisories": [], + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2724,46 +3076,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2019-9192", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -2771,18 +3120,16 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -2800,8 +3147,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2863,8 +3210,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2947,87 +3294,96 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3042,165 +3398,131 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3216,46 +3538,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -3263,113 +3582,121 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3385,65 +3712,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3451,78 +3801,174 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.0.14" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c905f0929b4d792a", + "name": "fluent-bit", + "version": "4.0.14", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.0.14", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, "package": { "name": "glibc", @@ -3531,7 +3977,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3585,39 +4031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3628,7 +4074,7 @@ "state": "" }, "advisories": [], - "risk": 0.037275 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3646,7 +4092,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3680,113 +4126,86 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.03605 + "advisories": [], + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3794,90 +4213,62 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3887,33 +4278,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0323 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3932,16 +4321,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3950,7 +4339,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3958,279 +4347,176 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-2003", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.027825000000000003 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.022785 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2003", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2026-2003/" + ], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.0.14" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c905f0929b4d792a", - "name": "fluent-bit", - "version": "4.0.14", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:5b569cad7f670f9ddc6815c98c7ed6f65d91e742fc4575e83f84a680734cd4e0", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.0.14:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.0.14", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025750000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { "distro": { "type": "debian", "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2003", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4239,29 +4525,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-2003", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4269,60 +4559,55 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" - } - ], - "risk": 0.022785 + "advisories": [], + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2003", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2003/" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4330,16 +4615,16 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -4362,11 +4647,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2003", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -4400,95 +4685,88 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.020085 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4504,30 +4782,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4536,101 +4811,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019700000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4645,41 +4910,60 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "curl" + "name": "glibc" } ] } @@ -4695,7 +4979,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4709,9 +4993,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4719,7 +5003,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -4741,7 +5025,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" } ], - "risk": 0.020085 + "risk": 0.019055 }, "relatedVulnerabilities": [ { @@ -4750,6 +5034,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-14831", "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], @@ -4757,7 +5042,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4771,9 +5056,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4781,7 +5066,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4840,27 +5125,19 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ], "fix": { @@ -4868,174 +5145,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0161 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -5064,9 +5202,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ] } @@ -5165,8 +5303,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5215,8 +5353,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5304,8 +5442,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5352,8 +5490,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5434,130 +5572,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5571,8 +5585,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5636,8 +5650,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5720,9 +5734,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5738,7 +5752,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5768,9 +5782,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5853,9 +5867,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5871,7 +5885,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5901,9 +5915,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5977,9 +5991,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5995,7 +6009,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6025,9 +6039,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6106,9 +6120,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6124,7 +6138,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6154,9 +6168,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6231,8 +6245,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6288,8 +6302,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6376,9 +6390,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6408,7 +6422,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.007874999999999998 + "risk": 0.008925 }, "relatedVulnerabilities": [ { @@ -6442,9 +6456,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6494,357 +6508,19 @@ "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.00679 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" - } - } - ], - "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libssl3", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00655 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010022", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -6852,16 +6528,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -6878,9 +6556,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -6902,7 +6580,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -6945,9 +6623,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7027,9 +6705,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7051,7 +6729,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -7094,9 +6772,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7162,77 +6840,106 @@ }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7247,66 +6954,90 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7316,47 +7047,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7365,7 +7108,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7373,39 +7116,62 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -7433,9 +7199,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7451,7 +7217,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.00477 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { @@ -7482,9 +7248,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7567,24 +7333,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7595,21 +7361,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7626,15 +7392,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7658,7 +7424,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7693,24 +7459,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7721,21 +7487,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7752,15 +7518,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7784,7 +7550,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7815,25 +7581,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7843,57 +7609,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7910,27 +7666,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -7939,23 +7695,136 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00585 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "systemd", + "version": "254.26-1~bpo12+1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2023-31439", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", + "type": "deb", + "locations": [ + { + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -7969,7 +7838,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -7983,9 +7852,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -7993,7 +7862,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8004,13 +7873,13 @@ "available": [ { "version": "3.7.9-2+deb12u6", - "date": "2026-02-19", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.00495 }, "relatedVulnerabilities": [ { @@ -8019,6 +7888,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-9820", "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", @@ -8030,7 +7900,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8044,9 +7914,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8054,7 +7924,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8113,27 +7983,27 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8141,49 +8011,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8198,27 +8078,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -8227,114 +8107,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8350,27 +8211,27 @@ "version": "12" }, "package": { - "name": "zlib", - "version": "1:1.2.13.dfsg-1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ca40227a4415e447", - "name": "zlib1g", - "version": "1:1.2.13.dfsg-1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/zlib1g", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -8379,12 +8240,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "zlib" + "name": "krb5" } ] } @@ -8401,9 +8271,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8419,7 +8289,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8449,9 +8319,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8486,35 +8356,26 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } } ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8534,9 +8395,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8552,7 +8413,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8582,9 +8443,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8619,15 +8480,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -8636,9 +8497,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8658,9 +8524,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8676,7 +8542,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8706,9 +8572,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8743,15 +8609,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -8760,14 +8626,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8777,25 +8638,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8805,45 +8666,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8860,27 +8723,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -8889,12 +8752,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } @@ -8911,9 +8774,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -8929,7 +8792,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00255 + "risk": 0.00345 }, "relatedVulnerabilities": [ { @@ -8959,9 +8822,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -9044,6 +8907,158 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.00315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" + ], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "zlib", + "version": "1:1.2.13.dfsg-1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "ca40227a4415e447", + "name": "zlib1g", + "version": "1:1.2.13.dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/zlib1g", + "layerID": "sha256:4bf7fbd79e6288b6c757e3b7d561dcb0cadbe4c2f5abd26d7b217a2179b3fdcb", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "upstreams": [ + { + "name": "zlib" + } + ] + } + }, { "vulnerability": { "id": "CVE-2022-27943", @@ -9057,8 +9072,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9118,8 +9133,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9226,8 +9241,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9287,8 +9302,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9363,8 +9378,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9424,8 +9439,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9528,8 +9543,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9589,8 +9604,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9688,8 +9703,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9749,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9861,8 +9876,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9927,8 +9942,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -10027,8 +10042,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10094,8 +10109,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,8 +10191,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10243,8 +10258,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10321,8 +10336,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10371,8 +10386,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10447,8 +10462,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10502,8 +10517,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10592,9 +10607,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -10602,7 +10617,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -10635,9 +10650,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -10704,8 +10719,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10753,8 +10768,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10965,7 +10980,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -11144,107 +11159,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.0.14.md b/docs/security/oss/grype-4.0.14.md index 1d04829..0e32b1d 100644 --- a/docs/security/oss/grype-4.0.14.md +++ b/docs/security/oss/grype-4.0.14.md @@ -7,20 +7,20 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.0.14 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.0.14 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.0.14 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | @@ -33,40 +33,40 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | diff --git a/docs/security/oss/grype-4.1.0.json b/docs/security/oss/grype-4.1.0.json index d1d7983..addcb29 100644 --- a/docs/security/oss/grype-4.1.0.json +++ b/docs/security/oss/grype-4.1.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -196,7 +196,7 @@ "namespace": "debian:distro:debian:12", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -214,9 +214,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -246,7 +246,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -261,9 +261,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -281,9 +282,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -382,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -517,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -582,196 +583,105 @@ }, { "vulnerability": { - "id": "CVE-2025-12970", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12970", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12970", - "epss": 0.00156, - "percentile": 0.36388, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12970", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.12714 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-12970", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -787,63 +697,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -851,27 +790,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -883,7 +823,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -894,16 +834,24 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" } - ] - } - ], - "matchDetails": [ - { + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { @@ -918,7 +866,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -962,201 +910,43 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.08345000000000001 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" - ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12977", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", + "id": "CVE-2025-12970", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12970", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "High", "urls": [ "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" ], - "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", + "description": "The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 9.1, - "exploitabilityScore": 3.9, - "impactScore": 5.2 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12977", - "epss": 0.00092, - "percentile": 0.25844, - "date": "2026-02-23" + "cve": "CVE-2025-12970", + "epss": 0.00156, + "percentile": 0.36193, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12977", - "cwe": "CWE-1287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2025-12970", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -1164,7 +954,7 @@ "state": "" }, "advisories": [], - "risk": 0.08326 + "risk": 0.12714 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -1182,7 +972,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-12977", + "vulnerabilityID": "CVE-2025-12970", "versionConstraint": "= 4.1.0 (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -1216,56 +1006,200 @@ }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08215 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", - "namespace": "nvd:cpe", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "postgresql-15", + "version": "15.14-0+deb12u1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" + } + } + ], + "artifact": { + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.08785 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + ], + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1277,7 +1211,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1288,18 +1222,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -1320,7 +1246,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -1362,6 +1288,102 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2025-12977", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12977", + "namespace": "nvd:cpe", + "severity": "Critical", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 9.1, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-12977", + "epss": 0.00092, + "percentile": 0.25704, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-12977", + "cwe": "CWE-1287", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "" + }, + "advisories": [], + "risk": 0.08326 + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12977", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, { "vulnerability": { "id": "CVE-2025-12978", @@ -1390,8 +1412,8 @@ { "cve": "CVE-2025-12978", "epss": 0.00153, - "percentile": 0.3597, - "date": "2026-02-23" + "percentile": 0.35776, + "date": "2026-03-09" } ], "fix": { @@ -1451,25 +1473,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1479,13 +1501,171 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", - "namespace": "nvd:cpe", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-20796", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-20796", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", "severity": "High", "urls": [ "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", @@ -1522,8 +1702,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1607,8 +1787,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1667,8 +1847,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1743,8 +1923,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1803,8 +1983,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1884,8 +2064,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1944,8 +2124,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -2033,8 +2213,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -2094,8 +2274,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -2186,8 +2366,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -2247,8 +2427,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -2339,8 +2519,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ], "fix": { @@ -2383,8 +2563,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ] } @@ -2440,114 +2620,222 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "id": "CVE-2025-12972", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", + "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" + ], + "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-12972", + "epss": 0.00098, + "percentile": 0.26885, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2025-12972", + "cwe": "CWE-22", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.0525 + "advisories": [], + "risk": 0.050469999999999994 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-12972", + "versionConstraint": "= 4.1.0 (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.048749999999999995 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69421", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { "distro": { "type": "debian", @@ -2560,7 +2848,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { @@ -2619,41 +2907,41 @@ }, { "vulnerability": { - "id": "CVE-2025-12972", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12972", + "id": "CVE-2025-12969", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" ], - "description": "Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.", + "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 6.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 2.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12972", - "epss": 0.00098, - "percentile": 0.2707, - "date": "2026-02-23" + "cve": "CVE-2025-12969", + "epss": 0.00082, + "percentile": 0.23966, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12972", - "cwe": "CWE-22", + "cve": "CVE-2025-12969", + "cwe": "CWE-306", "source": "nvd@nist.gov", "type": "Primary" } @@ -2663,7 +2951,7 @@ "state": "" }, "advisories": [], - "risk": 0.050469999999999994 + "risk": 0.04715 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -2681,7 +2969,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-12972", + "vulnerabilityID": "CVE-2025-12969", "versionConstraint": "= 4.1.0 (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -2715,98 +3003,181 @@ }, { "vulnerability": { - "id": "CVE-2025-12969", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12969", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/", - "https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover" - ], - "description": "Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "namespace": "debian:distro:debian:12", + "severity": "High", + "urls": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 6.5, - "exploitabilityScore": 3.9, - "impactScore": 2.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12969", - "epss": 0.00082, - "percentile": 0.24069, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12969", - "cwe": "CWE-306", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.04715 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u2" + }, + "namespace": "debian:distro:debian:12" + }, "found": { - "vulnerabilityID": "CVE-2025-12969", - "versionConstraint": "= 4.1.0 (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { @@ -2822,8 +3193,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "percentile": 0.75428, + "date": "2026-03-09" } ], "cwes": [ @@ -2876,8 +3247,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "percentile": 0.75428, + "date": "2026-03-09" } ], "cwes": [ @@ -2965,8 +3336,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -3015,8 +3386,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -3081,106 +3452,87 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.044250000000000005 + "advisories": [], + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -3195,46 +3547,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2019-9192", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -3242,18 +3591,16 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -3271,8 +3618,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -3334,8 +3681,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -3418,87 +3765,96 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3513,165 +3869,131 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3687,46 +4009,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -3734,113 +4053,121 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3856,65 +4183,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3922,111 +4272,207 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" + "name": "fluent-bit", + "version": "4.1.0" + } }, "found": { - "vulnerabilityID": "CVE-2025-15281", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", + "id": "c9f8017f4b3fb0ab", + "name": "fluent-bit", + "version": "4.1.0", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010024", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" } }, { @@ -4056,39 +4502,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -4099,7 +4545,7 @@ "state": "" }, "advisories": [], - "risk": 0.037275 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -4117,7 +4563,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -4151,113 +4597,86 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.03605 + "advisories": [], + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4265,90 +4684,62 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -4358,33 +4749,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0323 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -4403,16 +4792,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -4421,7 +4810,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -4429,817 +4818,190 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-2003", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.027825000000000003 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.022785 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2003", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2026-2003/" + ], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "c9f8017f4b3fb0ab", - "name": "fluent-bit", - "version": "4.1.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:0f3590c76e91ee02acf305bdcff2f981bc9f783070524382028f071e8da36d86", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.0", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025750000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-9230", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.02325 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9230", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", - "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", - "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", - "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", - "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", - "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", - "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5", - "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" - ], - "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9230", - "epss": 0.00031, - "percentile": 0.08975, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9230", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-9230", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-9230", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" - } - } - ], - "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2026-2003", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "15.16-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" - } - ], - "risk": 0.022785 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-2003", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2003/" - ], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2026-2003", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.16-0+deb12u1" - } - } - ], - "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libpq5", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", - "upstreams": [ - { - "name": "postgresql-15" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-9232", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.17-1~deb12u3" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.17-1~deb12u3", - "date": "2025-10-01", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6015-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" - } - ], - "risk": 0.021255000000000003 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-9232", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", - "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", - "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", - "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", - "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", - "https://openssl-library.org/news/secadv/20250930.txt", - "http://www.openwall.com/lists/oss-security/2025/09/30/5" - ], - "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-9232", - "epss": 0.00039, - "percentile": 0.11765, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-9232", - "cwe": "CWE-125", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { "distro": { "type": "debian", "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-9232", - "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + "vulnerabilityID": "CVE-2026-2003", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "3.0.17-1~deb12u3" + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "openssl" + "name": "postgresql-15" } ] } @@ -5270,8 +5032,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ @@ -5326,8 +5088,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ @@ -5418,8 +5180,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ @@ -5467,8 +5229,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ @@ -5491,41 +5253,188 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "curl", + "version": "7.88.1-10+deb12u14" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libcurl4", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "upstreams": [ + { + "name": "curl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.019700000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" + ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "curl" + "name": "glibc" } ] } @@ -5541,7 +5450,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -5555,9 +5464,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -5565,7 +5474,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -5587,7 +5496,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" } ], - "risk": 0.020085 + "risk": 0.019055 }, "relatedVulnerabilities": [ { @@ -5596,6 +5505,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-14831", "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], @@ -5603,7 +5513,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -5617,9 +5527,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -5627,7 +5537,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -5686,79 +5596,122 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2025-9230", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.019700000000000002 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.0165 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2025-9230", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" + "cve": "CVE-2025-9230", + "epss": 0.00022, + "percentile": 0.05642, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9230", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", + "type": "Secondary" + }, + { + "cve": "CVE-2025-9230", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -5773,43 +5726,46 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9230", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -5817,16 +5773,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -5843,9 +5801,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ], "fix": { @@ -5853,7 +5811,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0161 + "risk": 0.01565 }, "relatedVulnerabilities": [ { @@ -5910,9 +5868,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ] } @@ -6011,8 +5969,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -6061,8 +6019,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -6150,8 +6108,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -6198,8 +6156,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -6282,57 +6240,85 @@ }, { "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "id": "CVE-2025-9232", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9232", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.17-1~deb12u3" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.17-1~deb12u3", + "date": "2025-10-01", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.011100000000000002 + "advisories": [ + { + "id": "DSA-6015-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6015-1" + } + ], + "risk": 0.012535000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "id": "CVE-2025-9232", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + "https://github.com/openssl/openssl/commit/2b4ec20e47959170422922eaff25346d362dcb35", + "https://github.com/openssl/openssl/commit/654dc11d23468a74fc8ea4672b702dd3feb7be4b", + "https://github.com/openssl/openssl/commit/7cf21a30513c9e43c4bc3836c237cf086e194af3", + "https://github.com/openssl/openssl/commit/89e790ac431125a4849992858490bed6b225eadf", + "https://github.com/openssl/openssl/commit/bbf38c034cdabd0a13330abcc4855c866f53d2e0", + "https://openssl-library.org/news/secadv/20250930.txt", + "http://www.openwall.com/lists/oss-security/2025/09/30/5" ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 5.9, "exploitabilityScore": 2.3, @@ -6343,17 +6329,17 @@ ], "epss": [ { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" + "cve": "CVE-2025-9232", + "epss": 0.00023, + "percentile": 0.05906, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", + "cve": "CVE-2025-9232", + "cwe": "CWE-125", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -6361,7 +6347,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6369,39 +6355,67 @@ "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9232", + "versionConstraint": "< 3.0.17-1~deb12u3 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.17-1~deb12u3" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] } }, { @@ -6417,8 +6431,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -6482,8 +6496,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -6566,9 +6580,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6584,7 +6598,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6614,9 +6628,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6699,9 +6713,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6717,7 +6731,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6747,9 +6761,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6823,9 +6837,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6841,7 +6855,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6871,9 +6885,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6952,9 +6966,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6970,7 +6984,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -7000,9 +7014,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -7077,8 +7091,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -7134,8 +7148,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -7158,241 +7172,62 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2379", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", - "upstreams": [ - { - "name": "curl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2026-22795", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.007874999999999998 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-22795", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-22795", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u2" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22795", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2024-2379", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0f919d6ebdb73625", - "name": "libssl3", - "version": "3.0.17-1~deb12u2", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "openssl" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "id": "CVE-2026-22795", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22795", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS#12 file. Impact summary: An application processing a malformed PKCS#12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type confusion vulnerability exists in PKCS#12 parsing code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid pointer read. The location is constrained to a 1-byte address space, meaning any attempted pointer manipulation can only target addresses between 0x00 and 0xFF. This range corresponds to the zero page, which is unmapped on most modern operating systems and will reliably result in a crash, leading only to a Denial of Service. Exploiting this issue also requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For these reasons, the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7400,16 +7235,16 @@ ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -7433,32 +7268,32 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.00679 + "risk": 0.008925 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2026-22795", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22795", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: An invalid or NULL pointer dereference can happen in\nan application processing a malformed PKCS#12 file.\n\nImpact summary: An application processing a malformed PKCS#12 file can be\ncaused to dereference an invalid or NULL pointer on memory read, resulting\nin a Denial of Service.\n\nA type confusion vulnerability exists in PKCS#12 parsing code where\nan ASN1_TYPE union member is accessed without first validating the type,\ncausing an invalid pointer read.\n\nThe location is constrained to a 1-byte address space, meaning any\nattempted pointer manipulation can only target addresses between 0x00 and 0xFF.\nThis range corresponds to the zero page, which is unmapped on most modern\noperating systems and will reliably result in a crash, leading only to a\nDenial of Service. Exploiting this issue also requires a user or application\nto process a maliciously crafted PKCS#12 file. It is uncommon to accept\nuntrusted PKCS#12 files in applications as they are usually used to store\nprivate keys which are trusted by definition. For these reasons, the issue\nwas assessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -7466,16 +7301,16 @@ ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2026-22795", + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", + "cve": "CVE-2026-22795", + "cwe": "CWE-754", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -7498,7 +7333,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-68160", + "vulnerabilityID": "CVE-2026-22795", "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { @@ -7519,178 +7354,19 @@ "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00655 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010022", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -7698,16 +7374,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -7724,9 +7402,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7748,7 +7426,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -7791,9 +7469,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7873,9 +7551,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7897,7 +7575,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -7940,9 +7618,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -8008,77 +7686,106 @@ }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -8093,66 +7800,90 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "openssl", + "version": "3.0.17-1~deb12u2" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "0f919d6ebdb73625", + "name": "libssl3", + "version": "3.0.17-1~deb12u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:2e4983c761ce4933ecec23c31173fed551a237c8d0ba359b697de64bd953a7c3", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u2?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -8162,47 +7893,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -8211,7 +7954,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -8219,39 +7962,62 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -8279,9 +8045,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -8297,7 +8063,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.00477 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { @@ -8328,9 +8094,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -8413,24 +8179,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -8441,21 +8207,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -8472,15 +8238,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -8504,7 +8270,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -8539,24 +8305,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -8567,21 +8333,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -8598,15 +8364,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -8630,7 +8396,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -8661,25 +8427,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -8689,57 +8455,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -8756,27 +8512,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -8785,23 +8541,136 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00585 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "systemd", + "version": "254.26-1~bpo12+1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2023-31439", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", + "type": "deb", + "locations": [ + { + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -8815,7 +8684,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8829,9 +8698,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8839,7 +8708,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8850,13 +8719,13 @@ "available": [ { "version": "3.7.9-2+deb12u6", - "date": "2026-02-19", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.00495 }, "relatedVulnerabilities": [ { @@ -8865,6 +8734,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-9820", "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", @@ -8876,7 +8746,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8890,9 +8760,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8900,7 +8770,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8959,27 +8829,27 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8987,49 +8857,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -9044,27 +8924,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -9073,114 +8953,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -9196,27 +9057,27 @@ "version": "12" }, "package": { - "name": "zlib", - "version": "1:1.2.13.dfsg-1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ca40227a4415e447", - "name": "zlib1g", - "version": "1:1.2.13.dfsg-1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/zlib1g", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -9225,12 +9086,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "zlib" + "name": "krb5" } ] } @@ -9247,9 +9117,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -9265,7 +9135,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -9295,9 +9165,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -9332,35 +9202,26 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } } ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -9380,9 +9241,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -9398,7 +9259,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -9428,9 +9289,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -9465,15 +9326,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -9482,9 +9343,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -9504,9 +9370,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -9522,7 +9388,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -9552,9 +9418,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -9589,15 +9455,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -9606,14 +9472,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -9623,25 +9484,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -9651,45 +9512,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -9706,27 +9569,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -9735,12 +9598,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } @@ -9757,9 +9620,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -9775,7 +9638,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00255 + "risk": 0.00345 }, "relatedVulnerabilities": [ { @@ -9805,9 +9668,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -9890,6 +9753,158 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.00315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" + ], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "zlib", + "version": "1:1.2.13.dfsg-1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "ca40227a4415e447", + "name": "zlib1g", + "version": "1:1.2.13.dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/zlib1g", + "layerID": "sha256:86fa2649786cc0925c0034adaf3ae286626382a50b431c29a3896af91fd013e8", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "upstreams": [ + { + "name": "zlib" + } + ] + } + }, { "vulnerability": { "id": "CVE-2022-27943", @@ -9903,8 +9918,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9964,8 +9979,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10072,8 +10087,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10133,8 +10148,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10209,8 +10224,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10270,8 +10285,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10374,8 +10389,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10435,8 +10450,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10534,8 +10549,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10595,8 +10610,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -10707,8 +10722,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -10773,8 +10788,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -10873,8 +10888,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10940,8 +10955,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -11022,8 +11037,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -11089,8 +11104,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -11167,8 +11182,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -11217,8 +11232,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -11293,8 +11308,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -11348,8 +11363,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -11438,9 +11453,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -11448,7 +11463,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -11481,9 +11496,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -11550,8 +11565,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -11599,8 +11614,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -11811,7 +11826,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -11990,107 +12005,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.1.0.md b/docs/security/oss/grype-4.1.0.md index a4d4f1c..dfade44 100644 --- a/docs/security/oss/grype-4.1.0.md +++ b/docs/security/oss/grype-4.1.0.md @@ -8,14 +8,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | fluent-bit | 4.1.0 | [CVE-2025-12977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12977) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | fluent-bit | 4.1.0 | [CVE-2025-12970](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12970) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | @@ -25,14 +25,14 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | fluent-bit | 4.1.0 | [CVE-2025-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12972) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-12969](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12969) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.1.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.1.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | -| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524) | Medium | +| libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-9232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2026-22795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795) | Medium | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-68160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160) | Medium | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2025-9820](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9820) | Medium | @@ -40,40 +40,40 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libssl3 | 3.0.17-1~deb12u2 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | diff --git a/docs/security/oss/grype-4.1.1.json b/docs/security/oss/grype-4.1.1.json index fbc05ed..c9410cb 100644 --- a/docs/security/oss/grype-4.1.1.json +++ b/docs/security/oss/grype-4.1.1.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -196,7 +196,7 @@ "namespace": "debian:distro:debian:12", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -214,9 +214,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -246,7 +246,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -261,9 +261,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -281,9 +282,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -382,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -517,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -582,100 +583,105 @@ }, { "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -691,63 +697,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -755,27 +790,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -787,7 +823,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -798,10 +834,18 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -822,7 +866,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -866,90 +910,101 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08345000000000001 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -964,87 +1019,63 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ], "fix": { @@ -1052,28 +1083,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.08785 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1085,7 +1115,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1096,18 +1126,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -1128,7 +1150,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -1172,25 +1194,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1200,25 +1222,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1230,7 +1255,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1241,16 +1266,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1267,50 +1292,60 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } @@ -1328,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1388,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1424,15 +1459,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1441,9 +1476,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1464,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1524,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1560,15 +1604,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1577,14 +1621,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1605,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1665,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1701,13 +1740,154 @@ } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { @@ -1754,8 +1934,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1815,8 +1995,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1907,8 +2087,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1968,8 +2148,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -2060,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ], "fix": { @@ -2104,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ] } @@ -2161,16 +2341,16 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2183,16 +2363,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2216,24 +2396,36 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.0525 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -2249,16 +2441,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2281,7 +2473,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { @@ -2340,50 +2532,229 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75428, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0452 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", "https://security.netapp.com/advisory/ntap-20250306-0009/" ], "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", @@ -2405,8 +2776,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "percentile": 0.75428, + "date": "2026-03-09" } ], "cwes": [ @@ -2494,8 +2865,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2544,8 +2915,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2610,106 +2981,87 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.044250000000000005 + "advisories": [], + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2724,46 +3076,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2019-9192", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -2771,18 +3120,16 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -2800,8 +3147,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2863,8 +3210,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2947,87 +3294,96 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3042,165 +3398,131 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3216,46 +3538,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -3263,113 +3582,121 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3385,65 +3712,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3451,78 +3801,174 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.1" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "dd108375663c1956", + "name": "fluent-bit", + "version": "4.1.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, "package": { "name": "glibc", @@ -3531,7 +3977,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3585,39 +4031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3628,7 +4074,7 @@ "state": "" }, "advisories": [], - "risk": 0.037275 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3646,7 +4092,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3680,113 +4126,86 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.03605 + "advisories": [], + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3794,90 +4213,62 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3887,33 +4278,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0323 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3932,16 +4321,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3950,7 +4339,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3958,279 +4347,176 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-2003", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.027825000000000003 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.022785 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2003", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2026-2003/" + ], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "dd108375663c1956", - "name": "fluent-bit", - "version": "4.1.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:c84836e8d858a60e9246f25af0c1bd76a001444e90aef8a6b41cbfbaf4e2f770", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025750000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { "distro": { "type": "debian", "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2003", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4239,29 +4525,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-2003", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4269,60 +4559,55 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" - } - ], - "risk": 0.022785 + "advisories": [], + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2003", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2003/" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4330,16 +4615,16 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -4362,11 +4647,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2003", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -4400,95 +4685,88 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.020085 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4504,30 +4782,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4536,101 +4811,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019700000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4645,41 +4910,60 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "curl" + "name": "glibc" } ] } @@ -4695,7 +4979,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4709,9 +4993,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4719,7 +5003,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -4741,7 +5025,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" } ], - "risk": 0.020085 + "risk": 0.019055 }, "relatedVulnerabilities": [ { @@ -4750,6 +5034,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-14831", "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], @@ -4757,7 +5042,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4771,9 +5056,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4781,7 +5066,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4840,27 +5125,19 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ], "fix": { @@ -4868,174 +5145,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0161 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -5064,9 +5202,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ] } @@ -5165,8 +5303,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5215,8 +5353,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5304,8 +5442,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5352,8 +5490,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5434,130 +5572,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5571,8 +5585,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5636,8 +5650,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5720,9 +5734,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5738,7 +5752,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5768,9 +5782,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5853,9 +5867,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5871,7 +5885,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5901,9 +5915,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5977,9 +5991,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5995,7 +6009,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6025,9 +6039,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6106,9 +6120,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6124,7 +6138,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6154,9 +6168,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6231,8 +6245,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6288,8 +6302,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6376,9 +6390,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6408,7 +6422,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.007874999999999998 + "risk": 0.008925 }, "relatedVulnerabilities": [ { @@ -6442,9 +6456,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6494,357 +6508,19 @@ "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.00679 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" - } - } - ], - "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libssl3", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00655 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010022", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -6852,16 +6528,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -6878,9 +6556,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -6902,7 +6580,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -6945,9 +6623,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7027,9 +6705,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7051,7 +6729,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -7094,9 +6772,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7162,77 +6840,106 @@ }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7247,66 +6954,90 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7316,47 +7047,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7365,7 +7108,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7373,39 +7116,62 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -7433,9 +7199,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7451,7 +7217,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.00477 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { @@ -7482,9 +7248,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7567,24 +7333,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7595,21 +7361,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7626,15 +7392,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7658,7 +7424,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7693,24 +7459,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7721,21 +7487,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7752,15 +7518,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7784,7 +7550,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7815,25 +7581,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7843,57 +7609,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7910,27 +7666,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -7939,23 +7695,136 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00585 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "systemd", + "version": "254.26-1~bpo12+1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2023-31439", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", + "type": "deb", + "locations": [ + { + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -7969,7 +7838,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -7983,9 +7852,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -7993,7 +7862,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8004,13 +7873,13 @@ "available": [ { "version": "3.7.9-2+deb12u6", - "date": "2026-02-19", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.00495 }, "relatedVulnerabilities": [ { @@ -8019,6 +7888,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-9820", "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", @@ -8030,7 +7900,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8044,9 +7914,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8054,7 +7924,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8113,27 +7983,27 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8141,49 +8011,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8198,27 +8078,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -8227,114 +8107,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8350,27 +8211,27 @@ "version": "12" }, "package": { - "name": "zlib", - "version": "1:1.2.13.dfsg-1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ca40227a4415e447", - "name": "zlib1g", - "version": "1:1.2.13.dfsg-1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/zlib1g", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -8379,12 +8240,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "zlib" + "name": "krb5" } ] } @@ -8401,9 +8271,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8419,7 +8289,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8449,9 +8319,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8486,35 +8356,26 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } } ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8534,9 +8395,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8552,7 +8413,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8582,9 +8443,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8619,15 +8480,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -8636,9 +8497,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8658,9 +8524,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8676,7 +8542,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8706,9 +8572,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8743,15 +8609,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -8760,14 +8626,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8777,25 +8638,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8805,45 +8666,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8860,27 +8723,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -8889,12 +8752,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } @@ -8911,9 +8774,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -8929,7 +8792,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00255 + "risk": 0.00345 }, "relatedVulnerabilities": [ { @@ -8959,9 +8822,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -9044,6 +8907,158 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.00315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" + ], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "zlib", + "version": "1:1.2.13.dfsg-1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "ca40227a4415e447", + "name": "zlib1g", + "version": "1:1.2.13.dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/zlib1g", + "layerID": "sha256:53649cc2a16ea902de423eb2aa5c675c4e03f3602517e2a953f1bbcc6431bd00", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "upstreams": [ + { + "name": "zlib" + } + ] + } + }, { "vulnerability": { "id": "CVE-2022-27943", @@ -9057,8 +9072,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9118,8 +9133,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9226,8 +9241,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9287,8 +9302,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9363,8 +9378,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9424,8 +9439,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9528,8 +9543,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9589,8 +9604,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9688,8 +9703,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9749,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9861,8 +9876,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9927,8 +9942,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -10027,8 +10042,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10094,8 +10109,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,8 +10191,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10243,8 +10258,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10321,8 +10336,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10371,8 +10386,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10447,8 +10462,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10502,8 +10517,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10592,9 +10607,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -10602,7 +10617,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -10635,9 +10650,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -10704,8 +10719,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10753,8 +10768,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10965,7 +10980,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -11144,107 +11159,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.1.1.md b/docs/security/oss/grype-4.1.1.md index 11fd022..68de1f7 100644 --- a/docs/security/oss/grype-4.1.1.md +++ b/docs/security/oss/grype-4.1.1.md @@ -7,20 +7,20 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.1.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.1.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | @@ -33,40 +33,40 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | diff --git a/docs/security/oss/grype-4.1.2.json b/docs/security/oss/grype-4.1.2.json index a061e8e..901e85f 100644 --- a/docs/security/oss/grype-4.1.2.json +++ b/docs/security/oss/grype-4.1.2.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -196,7 +196,7 @@ "namespace": "debian:distro:debian:12", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -214,9 +214,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -246,7 +246,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -261,9 +261,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -281,9 +282,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -382,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -517,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -582,100 +583,105 @@ }, { "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -691,63 +697,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -755,27 +790,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -787,7 +823,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -798,10 +834,18 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -822,7 +866,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -866,90 +910,101 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08345000000000001 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -964,87 +1019,63 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ], "fix": { @@ -1052,28 +1083,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.08785 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1085,7 +1115,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1096,18 +1126,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -1128,7 +1150,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -1172,25 +1194,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1200,25 +1222,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1230,7 +1255,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1241,16 +1266,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1267,50 +1292,60 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } @@ -1328,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1388,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1424,15 +1459,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1441,9 +1476,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1464,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1524,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1560,15 +1604,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1577,14 +1621,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1605,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1665,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1701,13 +1740,154 @@ } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { @@ -1754,8 +1934,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1815,8 +1995,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1907,8 +2087,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1968,8 +2148,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -2060,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ], "fix": { @@ -2104,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ] } @@ -2161,16 +2341,16 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2183,16 +2363,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2216,24 +2396,36 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.0525 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -2249,16 +2441,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2281,7 +2473,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { @@ -2340,50 +2532,229 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75428, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0452 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", "https://security.netapp.com/advisory/ntap-20250306-0009/" ], "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", @@ -2405,8 +2776,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "percentile": 0.75428, + "date": "2026-03-09" } ], "cwes": [ @@ -2494,8 +2865,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2544,8 +2915,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2610,106 +2981,87 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.044250000000000005 + "advisories": [], + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2724,46 +3076,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2019-9192", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -2771,18 +3120,16 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -2800,8 +3147,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2863,8 +3210,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2947,87 +3294,96 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3042,165 +3398,131 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3216,46 +3538,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -3263,113 +3582,121 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3385,65 +3712,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3451,78 +3801,174 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.1.2" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "08d2144e99b02e72", + "name": "fluent-bit", + "version": "4.1.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.1.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, "package": { "name": "glibc", @@ -3531,7 +3977,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3585,39 +4031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3628,7 +4074,7 @@ "state": "" }, "advisories": [], - "risk": 0.037275 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3646,7 +4092,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3680,113 +4126,86 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.03605 + "advisories": [], + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3794,90 +4213,62 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3887,33 +4278,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0323 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3932,16 +4321,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3950,7 +4339,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3958,279 +4347,176 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-2003", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.027825000000000003 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.022785 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2003", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2026-2003/" + ], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.1.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "08d2144e99b02e72", - "name": "fluent-bit", - "version": "4.1.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:7b87b38ab9df02e882f8208074deb99dad63909687a76c1b3354a32072e138ae", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.1.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.1.2", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025750000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { "distro": { "type": "debian", "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2003", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4239,29 +4525,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-2003", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4269,60 +4559,55 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" - } - ], - "risk": 0.022785 + "advisories": [], + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2003", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2003/" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4330,16 +4615,16 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -4362,11 +4647,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2003", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -4400,95 +4685,88 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.020085 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4504,30 +4782,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4536,101 +4811,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019700000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4645,41 +4910,60 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "curl" + "name": "glibc" } ] } @@ -4695,7 +4979,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4709,9 +4993,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4719,7 +5003,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -4741,7 +5025,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" } ], - "risk": 0.020085 + "risk": 0.019055 }, "relatedVulnerabilities": [ { @@ -4750,6 +5034,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-14831", "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], @@ -4757,7 +5042,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4771,9 +5056,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4781,7 +5066,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4840,27 +5125,19 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ], "fix": { @@ -4868,174 +5145,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0161 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -5064,9 +5202,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ] } @@ -5165,8 +5303,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5215,8 +5353,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5304,8 +5442,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5352,8 +5490,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5434,130 +5572,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5571,8 +5585,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5636,8 +5650,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5720,9 +5734,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5738,7 +5752,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5768,9 +5782,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5853,9 +5867,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5871,7 +5885,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5901,9 +5915,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5977,9 +5991,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5995,7 +6009,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6025,9 +6039,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6106,9 +6120,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6124,7 +6138,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6154,9 +6168,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6231,8 +6245,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6288,8 +6302,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6376,9 +6390,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6408,7 +6422,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.007874999999999998 + "risk": 0.008925 }, "relatedVulnerabilities": [ { @@ -6442,9 +6456,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6494,357 +6508,19 @@ "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.00679 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" - } - } - ], - "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libssl3", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00655 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010022", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -6852,16 +6528,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -6878,9 +6556,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -6902,7 +6580,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -6945,9 +6623,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7027,9 +6705,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7051,7 +6729,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -7094,9 +6772,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7162,77 +6840,106 @@ }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7247,66 +6954,90 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7316,47 +7047,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7365,7 +7108,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7373,39 +7116,62 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -7433,9 +7199,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7451,7 +7217,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.00477 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { @@ -7482,9 +7248,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7567,24 +7333,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7595,21 +7361,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7626,15 +7392,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7658,7 +7424,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7693,24 +7459,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7721,21 +7487,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7752,15 +7518,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7784,7 +7550,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7815,25 +7581,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7843,57 +7609,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7910,27 +7666,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -7939,23 +7695,136 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00585 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "systemd", + "version": "254.26-1~bpo12+1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2023-31439", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", + "type": "deb", + "locations": [ + { + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -7969,7 +7838,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -7983,9 +7852,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -7993,7 +7862,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8004,13 +7873,13 @@ "available": [ { "version": "3.7.9-2+deb12u6", - "date": "2026-02-19", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.00495 }, "relatedVulnerabilities": [ { @@ -8019,6 +7888,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-9820", "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", @@ -8030,7 +7900,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8044,9 +7914,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8054,7 +7924,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8113,27 +7983,27 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8141,49 +8011,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8198,27 +8078,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -8227,114 +8107,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8350,27 +8211,27 @@ "version": "12" }, "package": { - "name": "zlib", - "version": "1:1.2.13.dfsg-1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ca40227a4415e447", - "name": "zlib1g", - "version": "1:1.2.13.dfsg-1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/zlib1g", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -8379,12 +8240,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "zlib" + "name": "krb5" } ] } @@ -8401,9 +8271,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8419,7 +8289,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8449,9 +8319,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8486,35 +8356,26 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } } ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8534,9 +8395,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8552,7 +8413,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8582,9 +8443,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8619,15 +8480,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -8636,9 +8497,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8658,9 +8524,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8676,7 +8542,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8706,9 +8572,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8743,15 +8609,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -8760,14 +8626,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8777,25 +8638,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8805,45 +8666,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8860,27 +8723,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -8889,12 +8752,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } @@ -8911,9 +8774,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -8929,7 +8792,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00255 + "risk": 0.00345 }, "relatedVulnerabilities": [ { @@ -8959,9 +8822,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -9044,6 +8907,158 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.00315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" + ], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "zlib", + "version": "1:1.2.13.dfsg-1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "ca40227a4415e447", + "name": "zlib1g", + "version": "1:1.2.13.dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/zlib1g", + "layerID": "sha256:ff9c58abae10cdc2e87b062a336757e5fec12e5b2a8441e36a779b378f4ea108", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "upstreams": [ + { + "name": "zlib" + } + ] + } + }, { "vulnerability": { "id": "CVE-2022-27943", @@ -9057,8 +9072,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9118,8 +9133,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9226,8 +9241,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9287,8 +9302,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9363,8 +9378,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9424,8 +9439,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9528,8 +9543,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9589,8 +9604,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9688,8 +9703,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9749,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9861,8 +9876,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9927,8 +9942,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -10027,8 +10042,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10094,8 +10109,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,8 +10191,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10243,8 +10258,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10321,8 +10336,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10371,8 +10386,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10447,8 +10462,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10502,8 +10517,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10592,9 +10607,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -10602,7 +10617,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -10635,9 +10650,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -10704,8 +10719,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10753,8 +10768,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10965,7 +10980,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -11144,107 +11159,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.1.2.md b/docs/security/oss/grype-4.1.2.md index 9f360a0..ad128fa 100644 --- a/docs/security/oss/grype-4.1.2.md +++ b/docs/security/oss/grype-4.1.2.md @@ -7,20 +7,20 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.1.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.1.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.1.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | @@ -33,40 +33,40 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | diff --git a/docs/security/oss/grype-4.2.0.json b/docs/security/oss/grype-4.2.0.json index 7a3eed5..3616c03 100644 --- a/docs/security/oss/grype-4.2.0.json +++ b/docs/security/oss/grype-4.2.0.json @@ -26,8 +26,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -105,8 +105,8 @@ { "cve": "CVE-2023-2953", "epss": 0.01466, - "percentile": 0.80629, - "date": "2026-02-23" + "percentile": 0.8064, + "date": "2026-03-09" } ], "cwes": [ @@ -196,7 +196,7 @@ "namespace": "debian:distro:debian:12", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -214,9 +214,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -246,7 +246,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -261,9 +261,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -281,9 +282,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -382,8 +383,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -517,8 +518,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -582,100 +583,105 @@ }, { "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -691,63 +697,92 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -755,27 +790,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -787,7 +823,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -798,10 +834,18 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -822,7 +866,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -866,90 +910,101 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08345000000000001 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -964,87 +1019,63 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ], "fix": { @@ -1052,28 +1083,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.08785 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1085,7 +1115,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1096,18 +1126,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -1128,7 +1150,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -1172,25 +1194,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1200,25 +1222,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1230,7 +1255,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1241,16 +1266,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1267,50 +1292,60 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", - "version": "1.20.1-2+deb12u4", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "krb5" + "name": "glibc" } ] } @@ -1328,8 +1363,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1388,8 +1423,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1424,15 +1459,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -1441,9 +1476,18 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1464,8 +1508,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1524,8 +1568,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1560,15 +1604,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } @@ -1577,14 +1621,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -1605,8 +1644,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1665,8 +1704,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1701,13 +1740,154 @@ } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libkrb5-3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "krb5", + "version": "1.20.1-2+deb12u4" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "f17cb326c34696aa", + "name": "libkrb5support0", + "version": "1.20.1-2+deb12u4", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { @@ -1754,8 +1934,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1815,8 +1995,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1907,8 +2087,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1968,8 +2148,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -2060,8 +2240,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ], "fix": { @@ -2104,8 +2284,8 @@ { "cve": "CVE-2025-10148", "epss": 0.00102, - "percentile": 0.28169, - "date": "2026-02-23" + "percentile": 0.27974, + "date": "2026-03-09" } ] } @@ -2161,16 +2341,16 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -2183,16 +2363,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2216,24 +2396,36 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.0525 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -2249,16 +2441,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2281,7 +2473,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { @@ -2340,50 +2532,229 @@ }, { "vulnerability": { - "id": "CVE-2025-0725", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", - "cvss": [], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2025-0725", - "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-0725", - "cwe": "CWE-120", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0452 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-0725", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-0725.html", - "https://curl.se/docs/CVE-2025-0725.json", - "https://hackerone.com/reports/2956023", - "http://www.openwall.com/lists/oss-security/2025/02/05/3", - "http://www.openwall.com/lists/oss-security/2025/02/06/2", - "http://www.openwall.com/lists/oss-security/2025/02/06/4", - "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "metrics": { + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-69419", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "openssl", + "version": "3.0.17-1~deb12u3" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2025-69419", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" + } + } + ], + "artifact": { + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libssl3", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], + "cpes": [ + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "upstreams": [ + { + "name": "openssl" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2025-0725", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-0725", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2025-0725", + "epss": 0.00904, + "percentile": 0.75428, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-0725", + "cwe": "CWE-120", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0452 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-0725", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://curl.se/docs/CVE-2025-0725.html", + "https://curl.se/docs/CVE-2025-0725.json", + "https://hackerone.com/reports/2956023", + "http://www.openwall.com/lists/oss-security/2025/02/05/3", + "http://www.openwall.com/lists/oss-security/2025/02/06/2", + "http://www.openwall.com/lists/oss-security/2025/02/06/4", + "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7", "https://security.netapp.com/advisory/ntap-20250306-0009/" ], "description": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", @@ -2405,8 +2776,8 @@ { "cve": "CVE-2025-0725", "epss": 0.00904, - "percentile": 0.75372, - "date": "2026-02-23" + "percentile": 0.75428, + "date": "2026-03-09" } ], "cwes": [ @@ -2494,8 +2865,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2544,8 +2915,8 @@ { "cve": "CVE-2025-13151", "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ @@ -2610,106 +2981,87 @@ }, { "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "namespace": "debian:distro:debian:12", - "severity": "High", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.044250000000000005 + "advisories": [], + "risk": 0.043000000000000003 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -2724,46 +3076,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69421", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2019-9192", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -2771,18 +3120,16 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -2800,8 +3147,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2863,8 +3210,8 @@ { "cve": "CVE-2019-1010025", "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ @@ -2947,87 +3294,96 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", - "cvss": [], + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "15.15-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.9, + "exploitabilityScore": 2.3, "impactScore": 3.6 }, "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -3042,165 +3398,131 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-9192", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-12818", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.15-0+deb12u1" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", "upstreams": [ { - "name": "glibc" + "name": "postgresql-15" } ] } }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", "namespace": "debian:distro:debian:12", "severity": "High", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "wont-fix" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.039749999999999994 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-15281", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", + "http://www.openwall.com/lists/oss-security/2026/01/20/3" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, - "exploitabilityScore": 2.3, - "impactScore": 5.2 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-15281", + "epss": 0.00053, + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-15281", + "cwe": "CWE-908", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -3216,46 +3538,43 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2025-15281", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -3263,113 +3582,121 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "GPL-2", + "LGPL-2.1" ], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } }, { "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", "namespace": "debian:distro:debian:12", "severity": "Medium", "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "15.15-0+deb12u1" + "3.0.18-1~deb12u2" ], "state": "fixed", "available": [ { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" } ] }, - "advisories": [], - "risk": 0.040330000000000005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", + "id": "CVE-2026-22796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" + "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", + "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", + "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", + "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", + "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" + "cve": "CVE-2026-22796", + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2026-22796", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -3385,65 +3712,88 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12818", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2026-22796", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" }, "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "postgresql-15" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2025-15281", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15281", - "namespace": "debian:distro:debian:12", - "severity": "High", - "urls": [], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} @@ -3451,78 +3801,174 @@ ], "epss": [ { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "" }, "advisories": [], - "risk": 0.039749999999999994 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-15281", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15281", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33814", - "http://www.openwall.com/lists/oss-security/2026/01/20/3" - ], - "description": "Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-15281", - "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-15281", - "cwe": "CWE-908", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "12" + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.0" + } + }, + "found": { + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "98f5fa2eeb129470", + "name": "fluent-bit", + "version": "4.2.0", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.0", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0323 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" }, "package": { "name": "glibc", @@ -3531,7 +3977,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15281", + "vulnerabilityID": "CVE-2019-1010024", "versionConstraint": "none (unknown)" } } @@ -3585,39 +4031,39 @@ }, { "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29478", + "cve": "CVE-2025-29477", "cwe": "CWE-400", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" @@ -3628,7 +4074,7 @@ "state": "" }, "advisories": [], - "risk": 0.037275 + "risk": 0.027825000000000003 }, "relatedVulnerabilities": [], "matchDetails": [ @@ -3646,7 +4092,7 @@ } }, "found": { - "vulnerabilityID": "CVE-2025-29478", + "vulnerabilityID": "CVE-2025-29477", "versionConstraint": "none (unknown)", "cpes": [ "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" @@ -3680,113 +4126,86 @@ }, { "vulnerability": { - "id": "CVE-2026-22796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS#7 data. Impact summary: An application performing signature verification of PKCS#7 data or calling directly the PKCS7_digest_from_attributes() function can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The function PKCS7_digest_from_attributes() accesses the message digest attribute value without validating its type. When the type is not V_ASN1_OCTET_STRING, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed signed PKCS#7 to an application that verifies it. The impact of the exploit is just a Denial of Service, the PKCS7 API is legacy and applications should be using the CMS API instead. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#7 parsing implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ], "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.03605 + "advisories": [], + "risk": 0.0275 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-22796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-22796", + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/2502e7b7d4c0cf4f972a881641fe09edc67aeec4", - "https://github.com/openssl/openssl/commit/572844beca95068394c916626a6d3a490f831a49", - "https://github.com/openssl/openssl/commit/7bbca05be55b129651d9df4bdb92becc45002c12", - "https://github.com/openssl/openssl/commit/eeee3cbd4d682095ed431052f00403004596373e", - "https://github.com/openssl/openssl/commit/ef2fb66ec571564d64d1c74a12e388a2a54d05d2", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" ], - "description": "Issue summary: A type confusion vulnerability exists in the signature\nverification of signed PKCS#7 data where an ASN1_TYPE union member is\naccessed without first validating the type, causing an invalid or NULL\npointer dereference when processing malformed PKCS#7 data.\n\nImpact summary: An application performing signature verification of PKCS#7\ndata or calling directly the PKCS7_digest_from_attributes() function can be\ncaused to dereference an invalid or NULL pointer when reading, resulting in\na Denial of Service.\n\nThe function PKCS7_digest_from_attributes() accesses the message digest attribute\nvalue without validating its type. When the type is not V_ASN1_OCTET_STRING,\nthis results in accessing invalid memory through the ASN1_TYPE union, causing\na crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nsigned PKCS#7 to an application that verifies it. The impact of the\nexploit is just a Denial of Service, the PKCS7 API is legacy and applications\nshould be using the CMS API instead. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#7 parsing implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-22796", - "cwe": "CWE-754", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3794,90 +4213,62 @@ "version": "12" }, "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-22796", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3", + "path": "/var/lib/dpkg/status.d/libgcrypt20", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3887,33 +4278,31 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0323 + "risk": 0.025750000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} }, @@ -3932,16 +4321,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", + "cve": "CVE-2018-6829", + "cwe": "CWE-327", "source": "nvd@nist.gov", "type": "Primary" } @@ -3950,7 +4339,7 @@ ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -3958,279 +4347,176 @@ "version": "12" }, "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" + "name": "libgcrypt20", + "version": "1.10.1-3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2019-1010024", + "vulnerabilityID": "CVE-2018-6829", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", + "id": "aa143951e2980797", + "name": "libgcrypt20", + "version": "1.10.1-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", + "upstreams": [] } }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", + "id": "CVE-2026-2003", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "namespace": "debian:distro:debian:12", "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "urls": [], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "" + "versions": [ + "15.16-0+deb12u1" + ], + "state": "fixed", + "available": [ + { + "version": "15.16-0+deb12u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.027825000000000003 + "advisories": [ + { + "id": "DSA-6132-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" + } + ], + "risk": 0.022785 }, - "relatedVulnerabilities": [], + "relatedVulnerabilities": [ + { + "id": "CVE-2026-2003", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://www.postgresql.org/support/security/CVE-2026-2003/" + ], + "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 4.3, + "exploitabilityScore": 2.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-2003", + "epss": 0.00049, + "percentile": 0.14888, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-2003", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" + } + ] + } + ], "matchDetails": [ { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.0" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "98f5fa2eeb129470", - "name": "fluent-bit", - "version": "4.2.0", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:926d867f71941d2c8d8ab91f3d5b7695f120d160677e4022348a992b7e6c120d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.0:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.0", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.025750000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { "distro": { "type": "debian", "version": "12" }, "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" + "name": "postgresql-15", + "version": "15.14-0+deb12u1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2018-6829", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2003", + "versionConstraint": "< 15.16-0+deb12u1 (deb)" + }, + "fix": { + "suggestedVersion": "15.16-0+deb12u1" } } ], "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", + "id": "da0ab4ee51b298d8", + "name": "libpq5", + "version": "15.14-0+deb12u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgcrypt20", + "path": "/var/lib/dpkg/status.d/libpq5", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } @@ -4239,29 +4525,33 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] + "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "upstreams": [ + { + "name": "postgresql-15" + } + ] } }, { "vulnerability": { - "id": "CVE-2026-2003", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Low", "urls": [], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4269,60 +4559,55 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "15.16-0+deb12u1" + "15.15-0+deb12u1" ], "state": "fixed", "available": [ { - "version": "15.16-0+deb12u1", - "date": "2026-02-12", - "kind": "advisory" + "version": "15.15-0+deb12u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6132-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6132-1" - } - ], - "risk": 0.022785 + "advisories": [], + "risk": 0.02013 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2003", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2003", + "id": "CVE-2025-12817", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Low", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2003/" + "https://www.postgresql.org/support/security/CVE-2025-12817/" ], - "description": "Improper validation of type \"oidvector\" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 4.3, - "exploitabilityScore": 2.9, + "baseScore": 3.1, + "exploitabilityScore": 1.7, "impactScore": 1.5 }, "vendorMetadata": {} @@ -4330,16 +4615,16 @@ ], "epss": [ { - "cve": "CVE-2026-2003", - "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "cve": "CVE-2025-12817", + "epss": 0.00066, + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2003", - "cwe": "CWE-1287", + "cve": "CVE-2025-12817", + "cwe": "CWE-862", "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } @@ -4362,11 +4647,11 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-2003", - "versionConstraint": "< 15.16-0+deb12u1 (deb)" + "vulnerabilityID": "CVE-2025-12817", + "versionConstraint": "< 15.15-0+deb12u1 (deb)" }, "fix": { - "suggestedVersion": "15.16-0+deb12u1" + "suggestedVersion": "15.15-0+deb12u1" } } ], @@ -4400,95 +4685,88 @@ }, { "vulnerability": { - "id": "CVE-2025-12817", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", "namespace": "debian:distro:debian:12", - "severity": "Low", + "severity": "Medium", "urls": [], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "15.15-0+deb12u1" - ], - "state": "fixed", - "available": [ - { - "version": "15.15-0+deb12u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.02013 + "risk": 0.020085 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-12817", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12817", + "id": "CVE-2025-14819", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12817/" + "https://curl.se/docs/CVE-2025-14819.html", + "https://curl.se/docs/CVE-2025-14819.json", + "http://www.openwall.com/lists/oss-security/2026/01/07/5" ], - "description": "Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", + "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "metrics": { - "baseScore": 3.1, + "baseScore": 5.3, "exploitabilityScore": 1.7, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-12817", - "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "cve": "CVE-2025-14819", + "epss": 0.00039, + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-12817", - "cwe": "CWE-862", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-14819", + "cwe": "CWE-295", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -4504,30 +4782,27 @@ "version": "12" }, "package": { - "name": "postgresql-15", - "version": "15.14-0+deb12u1" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-12817", - "versionConstraint": "< 15.15-0+deb12u1 (deb)" - }, - "fix": { - "suggestedVersion": "15.15-0+deb12u1" + "vulnerabilityID": "CVE-2025-14819", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "da0ab4ee51b298d8", - "name": "libpq5", - "version": "15.14-0+deb12u1", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -4536,101 +4811,91 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:15.14-0\\+deb12u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@15.14-0%2Bdeb12u1?arch=amd64&distro=debian-12&upstream=postgresql-15", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "postgresql-15" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2025-14819", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.020085 + "risk": 0.019700000000000002 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-14819", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14819", + "id": "CVE-2010-4756", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-14819.html", - "https://curl.se/docs/CVE-2025-14819.json", - "http://www.openwall.com/lists/oss-security/2026/01/07/5" + "http://cxib.net/stuff/glob-0day.c", + "http://securityreason.com/achievement_securityalert/89", + "http://securityreason.com/exploitalert/9223", + "https://bugzilla.redhat.com/show_bug.cgi?id=681681", + "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", + "https://security.netapp.com/advisory/ntap-20241108-0002/" ], - "description": "When doing TLS related transfers with reused easy or multi handles and\naltering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally\nreuse a CA store cached in memory for which the partial chain option was\nreversed. Contrary to the user's wishes and expectations. This could make\nlibcurl find and accept a trust chain that it otherwise would not.", + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 1.7, - "impactScore": 3.6 + "baseScore": 4, + "exploitabilityScore": 8, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-14819", - "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-14819", - "cwe": "CWE-295", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2010-4756", + "cwe": "CWE-399", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -4645,41 +4910,60 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-14819", + "vulnerabilityID": "CVE-2010-4756", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", "upstreams": [ { - "name": "curl" + "name": "glibc" } ] } @@ -4695,7 +4979,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4709,9 +4993,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4719,7 +5003,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -4741,7 +5025,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" } ], - "risk": 0.020085 + "risk": 0.019055 }, "relatedVulnerabilities": [ { @@ -4750,6 +5034,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-14831", "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], @@ -4757,7 +5042,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -4771,9 +5056,9 @@ "epss": [ { "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" } ], "cwes": [ @@ -4781,7 +5066,7 @@ "cve": "CVE-2025-14831", "cwe": "CWE-407", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -4840,27 +5125,19 @@ }, { "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ], "fix": { @@ -4868,174 +5145,35 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.019700000000000002 + "risk": 0.01565 }, "relatedVulnerabilities": [ { - "id": "CVE-2010-4756", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2010-4756", + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "http://cxib.net/stuff/glob-0day.c", - "http://securityreason.com/achievement_securityalert/89", - "http://securityreason.com/exploitalert/9223", - "https://bugzilla.redhat.com/show_bug.cgi?id=681681", - "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756", - "https://security.netapp.com/advisory/ntap-20241108-0002/" + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" ], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 8, - "impactScore": 2.9 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2010-4756", - "cwe": "CWE-399", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2010-4756", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "GPL-2", - "LGPL-2.1" - ], - "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.0161 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" - ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, + }, { "source": "nvd@nist.gov", "type": "Primary", @@ -5064,9 +5202,9 @@ "epss": [ { "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" } ] } @@ -5165,8 +5303,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5215,8 +5353,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5304,8 +5442,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5352,8 +5490,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5434,130 +5572,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "libgcrypt20", - "version": "1.10.1-3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "aa143951e2980797", - "name": "libgcrypt20", - "version": "1.10.1-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.10.1-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.10.1-3?arch=amd64&distro=debian-12", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5571,8 +5585,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5636,8 +5650,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5720,9 +5734,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5738,7 +5752,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5768,9 +5782,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5853,9 +5867,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5871,7 +5885,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5901,9 +5915,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5977,9 +5991,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5995,7 +6009,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6025,9 +6039,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6106,9 +6120,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6124,7 +6138,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6154,9 +6168,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6231,8 +6245,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6288,8 +6302,8 @@ { "cve": "CVE-2024-2379", "epss": 0.00205, - "percentile": 0.42503, - "date": "2026-02-23" + "percentile": 0.42397, + "date": "2026-03-09" } ], "cwes": [ @@ -6376,9 +6390,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6408,7 +6422,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.007874999999999998 + "risk": 0.008925 }, "relatedVulnerabilities": [ { @@ -6442,9 +6456,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6494,357 +6508,19 @@ "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", - "namespace": "debian:distro:debian:12", - "severity": "Medium", - "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "3.0.18-1~deb12u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.0.18-1~deb12u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.00679 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" - ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "openssl", - "version": "3.0.17-1~deb12u3" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.0.18-1~deb12u2" - } - } - ], - "artifact": { - "id": "f17ef78f1c42683d", - "name": "libssl3", - "version": "3.0.17-1~deb12u3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libssl3", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3/copyright", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/usr/share/doc/libssl3/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3.md5sums", - "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", - "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "namespace": "debian:distro:debian:12", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.00655 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", - "namespace": "nvd:cpe", - "severity": "Critical", - "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 9.8, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "12" - }, - "package": { - "name": "glibc", - "version": "2.36-9+deb12u13" - }, - "namespace": "debian:distro:debian:12" - }, - "found": { - "vulnerabilityID": "CVE-2019-1010022", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "b1f23f68887853e1", - "name": "libc6", - "version": "2.36-9+deb12u13", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/usr/share/doc/libc6/copyright", + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", "annotations": { "evidence": "supporting" } @@ -6852,16 +6528,18 @@ ], "language": "", "licenses": [ - "GPL-2", - "LGPL-2.1" + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } @@ -6878,9 +6556,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -6902,7 +6580,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -6945,9 +6623,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7027,9 +6705,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7051,7 +6729,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.008 }, "relatedVulnerabilities": [ { @@ -7094,9 +6772,9 @@ "epss": [ { "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ @@ -7162,77 +6840,106 @@ }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", "namespace": "debian:distro:debian:12", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.0.18-1~deb12u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.0.18-1~deb12u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.005 + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" } ] } @@ -7247,66 +6954,90 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "openssl", + "version": "3.0.17-1~deb12u3" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.0.18-1~deb12u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.0.18-1~deb12u2" } } ], "artifact": { - "id": "a48fdf88485dfed0", - "name": "libsystemd0", - "version": "254.26-1~bpo12+1", + "id": "f17ef78f1c42683d", + "name": "libssl3", + "version": "3.0.17-1~deb12u3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3/copyright", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/usr/share/doc/libssl3/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3.md5sums", + "layerID": "sha256:8127a9673224dfe54799359062e838de50453d217ddc48df68bf3615828b86d9", + "accessPath": "/var/lib/dpkg/status.d/libssl3.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3:libssl3:3.0.17-1\\~deb12u3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", + "purl": "pkg:deb/debian/libssl3@3.0.17-1~deb12u3?arch=amd64&distro=debian-12&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31438", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7316,47 +7047,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31438", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28886", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31438", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" } @@ -7365,7 +7108,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7373,39 +7116,62 @@ "version": "12" }, "package": { - "name": "systemd", - "version": "254.26-1~bpo12+1" + "name": "glibc", + "version": "2.36-9+deb12u13" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31438", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "fbdf5e39d3c6b8fd", - "name": "systemd", - "version": "254.26-1~bpo12+1", + "id": "b1f23f68887853e1", + "name": "libc6", + "version": "2.36-9+deb12u13", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", - "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:bd29502adf199ad9c03afba9bc79df572a26ec60a2a6ffdda4883a5b7a1632fe", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { - "evidence": "primary" + "evidence": "supporting" } } ], "language": "", - "licenses": [], + "licenses": [ + "GPL-2", + "LGPL-2.1" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.36-9\\+deb12u13:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.36-9%2Bdeb12u13?arch=amd64&distro=debian-12&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -7433,9 +7199,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7451,7 +7217,7 @@ "state": "wont-fix" }, "advisories": [], - "risk": 0.00477 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { @@ -7482,9 +7248,9 @@ "epss": [ { "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ @@ -7567,24 +7333,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7595,21 +7361,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7626,15 +7392,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7658,7 +7424,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7693,24 +7459,24 @@ }, { "vulnerability": { - "id": "CVE-2023-31439", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7721,21 +7487,21 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00625 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31439", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "id": "CVE-2023-31438", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31438", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ "https://github.com/kastel-security/Journald", "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/pull/28886", "https://github.com/systemd/systemd/releases" ], - "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", @@ -7752,15 +7518,15 @@ ], "epss": [ { - "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "cve": "CVE-2023-31438", + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31439", + "cve": "CVE-2023-31438", "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" @@ -7784,7 +7550,7 @@ "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2023-31439", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } @@ -7815,25 +7581,25 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7843,57 +7609,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00585 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", + "cve": "CVE-2023-31439", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" } @@ -7910,27 +7666,27 @@ "version": "12" }, "package": { - "name": "openldap", - "version": "2.5.13+dfsg-5" + "name": "systemd", + "version": "254.26-1~bpo12+1" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2017-14159", + "vulnerabilityID": "CVE-2023-31439", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "919a44d8cbaa32e2", - "name": "libldap-2.5-0", - "version": "2.5.13+dfsg-5", + "id": "a48fdf88485dfed0", + "name": "libsystemd0", + "version": "254.26-1~bpo12+1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap-2.5-0", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } @@ -7939,23 +7695,136 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", + "purl": "pkg:deb/debian/libsystemd0@254.26-1~bpo12%2B1?arch=amd64&distro=debian-12&upstream=systemd", "upstreams": [ { - "name": "openldap" + "name": "systemd" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2023-31439", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31439", + "namespace": "debian:distro:debian:12", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.00585 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2023-31439", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31439", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/pull/28885", + "https://github.com/systemd/systemd/releases" + ], + "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2023-31439", + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2023-31439", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "systemd", + "version": "254.26-1~bpo12+1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2023-31439", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "fbdf5e39d3c6b8fd", + "name": "systemd", + "version": "254.26-1~bpo12+1", + "type": "deb", + "locations": [ + { + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.37.0", + "annotations": { + "evidence": "primary" + } } - ] + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:254.26-1\\~bpo12\\+1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@254.26-1~bpo12%2B1", + "upstreams": [] } }, { @@ -7969,7 +7838,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -7983,9 +7852,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -7993,7 +7862,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ], "fix": { @@ -8004,13 +7873,13 @@ "available": [ { "version": "3.7.9-2+deb12u6", - "date": "2026-02-19", + "date": "2026-02-27", "kind": "first-observed" } ] }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.00495 }, "relatedVulnerabilities": [ { @@ -8019,6 +7888,7 @@ "namespace": "nvd:cpe", "severity": "Medium", "urls": [ + "https://access.redhat.com/errata/RHSA-2026:3477", "https://access.redhat.com/security/cve/CVE-2025-9820", "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", @@ -8030,7 +7900,7 @@ "cvss": [ { "source": "secalert@redhat.com", - "type": "Primary", + "type": "Secondary", "version": "3.1", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { @@ -8044,9 +7914,9 @@ "epss": [ { "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ @@ -8054,7 +7924,7 @@ "cve": "CVE-2025-9820", "cwe": "CWE-121", "source": "secalert@redhat.com", - "type": "Primary" + "type": "Secondary" } ] } @@ -8113,27 +7983,27 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -8141,49 +8011,59 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "Medium", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -8198,27 +8078,27 @@ "version": "12" }, "package": { - "name": "curl", - "version": "7.88.1-10+deb12u14" + "name": "openldap", + "version": "2.5.13+dfsg-5" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2017-14159", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "7b756a4c6b6cb784", - "name": "libcurl4", - "version": "7.88.1-10+deb12u14", + "id": "919a44d8cbaa32e2", + "name": "libldap-2.5-0", + "version": "2.5.13+dfsg-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4", + "path": "/var/lib/dpkg/status.d/libldap-2.5-0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libcurl4", + "accessPath": "/var/lib/dpkg/status.d/libldap-2.5-0", "annotations": { "evidence": "primary" } @@ -8227,114 +8107,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap-2.5-0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5-0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5_0:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap-2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap_2.5:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap-2.5-0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libldap:libldap_2.5_0:2.5.13\\+dfsg-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", + "purl": "pkg:deb/debian/libldap-2.5-0@2.5.13%2Bdfsg-5?arch=amd64&distro=debian-12&upstream=openldap", "upstreams": [ { - "name": "curl" + "name": "openldap" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:12", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8350,27 +8211,27 @@ "version": "12" }, "package": { - "name": "zlib", - "version": "1:1.2.13.dfsg-1" + "name": "krb5", + "version": "1.20.1-2+deb12u4" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "ca40227a4415e447", - "name": "zlib1g", - "version": "1:1.2.13.dfsg-1", + "id": "c8948b00cda8062b", + "name": "libgssapi-krb5-2", + "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/zlib1g", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -8379,12 +8240,21 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { - "name": "zlib" + "name": "krb5" } ] } @@ -8401,9 +8271,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8419,7 +8289,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8449,9 +8319,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8486,35 +8356,26 @@ } ], "artifact": { - "id": "c8948b00cda8062b", - "name": "libgssapi-krb5-2", + "id": "8f3a478cb18888b8", + "name": "libk5crypto3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libk5crypto3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { "evidence": "primary" } } ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8534,9 +8395,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8552,7 +8413,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8582,9 +8443,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8619,15 +8480,15 @@ } ], "artifact": { - "id": "8f3a478cb18888b8", - "name": "libk5crypto3", + "id": "575c8aeb7addaf05", + "name": "libkrb5-3", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -8636,9 +8497,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8658,9 +8524,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8676,7 +8542,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8706,9 +8572,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8743,15 +8609,15 @@ } ], "artifact": { - "id": "575c8aeb7addaf05", - "name": "libkrb5-3", + "id": "f17cb326c34696aa", + "name": "libkrb5support0", "version": "1.20.1-2+deb12u4", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -8760,14 +8626,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8777,25 +8638,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:12", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8805,45 +8666,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8860,27 +8723,27 @@ "version": "12" }, "package": { - "name": "krb5", - "version": "1.20.1-2+deb12u4" + "name": "curl", + "version": "7.88.1-10+deb12u14" }, "namespace": "debian:distro:debian:12" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "f17cb326c34696aa", - "name": "libkrb5support0", - "version": "1.20.1-2+deb12u4", + "id": "7b756a4c6b6cb784", + "name": "libcurl4", + "version": "7.88.1-10+deb12u14", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/libcurl4", "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/libcurl4", "annotations": { "evidence": "primary" } @@ -8889,12 +8752,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.20.1-2\\+deb12u4:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4:libcurl4:7.88.1-10\\+deb12u14:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.20.1-2%2Bdeb12u4?arch=amd64&distro=debian-12&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4@7.88.1-10%2Bdeb12u14?arch=amd64&distro=debian-12&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } @@ -8911,9 +8774,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -8929,7 +8792,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00255 + "risk": 0.00345 }, "relatedVulnerabilities": [ { @@ -8959,9 +8822,9 @@ "epss": [ { "cve": "CVE-2025-27587", - "epss": 0.00051, - "percentile": 0.15859, - "date": "2026-02-23" + "epss": 0.00069, + "percentile": 0.20993, + "date": "2026-03-09" } ], "cwes": [ @@ -9044,6 +8907,158 @@ ] } }, + { + "vulnerability": { + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "namespace": "debian:distro:debian:12", + "severity": "Medium", + "urls": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" + }, + "advisories": [], + "risk": 0.00315 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" + ], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "12" + }, + "package": { + "name": "zlib", + "version": "1:1.2.13.dfsg-1" + }, + "namespace": "debian:distro:debian:12" + }, + "found": { + "vulnerabilityID": "CVE-2026-27171", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "ca40227a4415e447", + "name": "zlib1g", + "version": "1:1.2.13.dfsg-1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/zlib1g", + "layerID": "sha256:0c4e7b53773d97c6fcca13363f20bd796d51205dbffc1c86605ca6d541375a96", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.2.13.dfsg-1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/zlib1g@1%3A1.2.13.dfsg-1?arch=amd64&distro=debian-12&upstream=zlib", + "upstreams": [ + { + "name": "zlib" + } + ] + } + }, { "vulnerability": { "id": "CVE-2022-27943", @@ -9057,8 +9072,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9118,8 +9133,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9226,8 +9241,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9287,8 +9302,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9363,8 +9378,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9424,8 +9439,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9528,8 +9543,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9589,8 +9604,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9688,8 +9703,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9749,8 +9764,8 @@ { "cve": "CVE-2022-27943", "epss": 0.0005, - "percentile": 0.15439, - "date": "2026-02-23" + "percentile": 0.15161, + "date": "2026-03-09" } ], "cwes": [ @@ -9861,8 +9876,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9927,8 +9942,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -10027,8 +10042,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10094,8 +10109,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10176,8 +10191,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10243,8 +10258,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -10321,8 +10336,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10371,8 +10386,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10447,8 +10462,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10502,8 +10517,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10592,9 +10607,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -10602,7 +10617,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -10635,9 +10650,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -10704,8 +10719,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10753,8 +10768,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10965,7 +10980,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -11144,107 +11159,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.2.0.md b/docs/security/oss/grype-4.2.0.md index e76de2f..4a47c69 100644 --- a/docs/security/oss/grype-4.2.0.md +++ b/docs/security/oss/grype-4.2.0.md @@ -7,20 +7,20 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | --- | --- | --- | --- | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2023-2953](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2953) | High | +| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.19.0-2+deb12u1 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.36-9+deb12u13 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-10148](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10148) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.2.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.2.0 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | fluent-bit | 4.2.0 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | @@ -33,40 +33,40 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 15.14-0+deb12u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30 | 3.7.9-2+deb12u5 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-0725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.10.1-3 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.36-9+deb12u13 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.10.1-3 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libcurl4 | 7.88.1-10+deb12u14 | [CVE-2024-2379](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2379) | Negligible | -| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.36-9+deb12u13 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 254.26-1~bpo12+1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap-2.5-0 | 2.5.13+dfsg-5 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.20.1-2+deb12u4 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4 | 7.88.1-10+deb12u14 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libssl3 | 3.0.17-1~deb12u3 | [CVE-2025-27587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27587) | Negligible | | gcc-12-base | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | | libatomic1 | 12.2.0-14+deb12u1 | [CVE-2022-27943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27943) | Negligible | diff --git a/docs/security/oss/grype-4.2.1.json b/docs/security/oss/grype-4.2.1.json index 8321044..7aa0d1f 100644 --- a/docs/security/oss/grype-4.2.1.json +++ b/docs/security/oss/grype-4.2.1.json @@ -7,7 +7,7 @@ "namespace": "debian:distro:debian:13", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -25,9 +25,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -57,7 +57,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -72,9 +72,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -92,9 +93,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -193,8 +194,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -328,8 +329,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -393,100 +394,105 @@ }, { "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "17.8-0+deb13u1" + "3.5.4-1~deb13u2" ], "state": "fixed", "available": [ { - "version": "17.8-0+deb13u1", - "date": "2026-02-12", + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6133-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -502,63 +508,92 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 17.8-0+deb13u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { - "suggestedVersion": "17.8-0+deb13u1" + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "postgresql-17" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -566,27 +601,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -598,7 +634,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -609,10 +645,18 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -633,7 +677,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -668,90 +712,101 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "17.8-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.8-0+deb13u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08345000000000001 + "advisories": [ + { + "id": "DSA-6133-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -766,117 +821,63 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 17.8-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.8-0+deb13u1" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", "upstreams": [ { - "name": "glibc" + "name": "postgresql-17" } ] } }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ], "fix": { @@ -884,28 +885,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.08785 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -917,7 +917,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -928,18 +928,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -960,7 +952,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -995,25 +987,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1023,25 +1015,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1053,7 +1048,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1064,16 +1059,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1090,69 +1085,254 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", - "upstreams": [ + }, { - "name": "krb5" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], - "epss": [ + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1211,8 +1391,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1287,8 +1467,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1347,8 +1527,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1428,8 +1608,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1488,8 +1668,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1577,8 +1757,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1638,8 +1818,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1730,8 +1910,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1791,8 +1971,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1859,16 +2039,16 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -1881,16 +2061,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -1914,24 +2094,36 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.0525 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -1947,16 +2139,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -1979,7 +2171,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { @@ -2038,178 +2230,38 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", + "cve": "CVE-2025-69419", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.044250000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "libtasn1-6", - "version": "4.20.0-2" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "04ef2a4cf087de67", - "name": "libtasn1-6", - "version": "4.20.0-2", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", - "namespace": "debian:distro:debian:13", - "severity": "High", - "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2233,49 +2285,49 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.044250000000000005 + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2298,7 +2350,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-69419", "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { @@ -2357,68 +2409,205 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.044250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libtasn1-6", + "version": "4.20.0-2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "04ef2a4cf087de67", + "name": "libtasn1-6", + "version": "4.20.0-2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libtasn1-6", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.043000000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2429,16 +2618,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -2461,7 +2650,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } @@ -2545,25 +2734,25 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2573,29 +2762,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2603,7 +2795,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2614,16 +2806,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2646,7 +2838,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -2730,105 +2922,95 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.5.4-1~deb13u2" + "17.7-0+deb13u1" ], "state": "fixed", "available": [ { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -2844,177 +3026,8 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" - } - } - ], - "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "17.7-0+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.040330000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, @@ -3081,8 +3094,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -3129,8 +3142,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -3241,101 +3254,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.1" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "6601a8043e1f952a", - "name": "fluent-bit", - "version": "4.2.1", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.1", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2026-22796", @@ -3361,9 +3279,9 @@ "epss": [ { "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ @@ -3393,7 +3311,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.03605 + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { @@ -3427,9 +3345,9 @@ "epss": [ { "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ @@ -3517,191 +3435,97 @@ }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0323 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.41-12" - }, - "namespace": "debian:distro:debian:13" + "name": "fluent-bit", + "version": "4.2.1" + } }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", - "type": "deb", + "id": "6601a8043e1f952a", + "name": "fluent-bit", + "version": "4.2.1", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.2.1", + "upstreams": [] } }, { @@ -3729,9 +3553,9 @@ "epss": [ { "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ @@ -3756,7 +3580,7 @@ ] }, "advisories": [], - "risk": 0.032155 + "risk": 0.03488000000000001 }, "relatedVulnerabilities": [ { @@ -3789,9 +3613,9 @@ "epss": [ { "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ @@ -3879,97 +3703,191 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.0323 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "13" + }, "package": { - "name": "fluent-bit", - "version": "4.2.1" - } + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2019-1010024", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "6601a8043e1f952a", - "name": "fluent-bit", - "version": "4.2.1", - "type": "binary", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -3997,9 +3915,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -4024,7 +3942,7 @@ ] }, "advisories": [], - "risk": 0.026160000000000003 + "risk": 0.02834 }, "relatedVulnerabilities": [ { @@ -4057,9 +3975,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -4147,83 +4065,302 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ + "relatedVulnerabilities": [], + "matchDetails": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.1" } - ], + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "6601a8043e1f952a", + "name": "fluent-bit", + "version": "4.2.1", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:4bfa078bccadedc78bb2a8e41a4c748239725e254bf1f1bf6c590ba55a7dbd96", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.1:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0275 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025750000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" + } + ], "cwes": [ { "cve": "CVE-2018-6829", @@ -4305,8 +4442,8 @@ { "cve": "CVE-2026-2003", "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ @@ -4366,8 +4503,8 @@ { "cve": "CVE-2026-2003", "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ @@ -4458,8 +4595,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ @@ -4514,8 +4651,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ @@ -4606,8 +4743,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ @@ -4655,8 +4792,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ @@ -4720,173 +4857,19 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u2", - "date": "2026-02-18", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.020085 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" - ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u2" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ @@ -4937,8 +4920,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ @@ -5051,86 +5034,103 @@ }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.8.9-3+deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u2", + "date": "2026-02-18", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0161 + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5145,19 +5145,157 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u2" } } ], "artifact": { - "id": "2cb52e846633a3fb", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", "name": "libc6", "version": "2.41-12", "type": "deb", @@ -5259,8 +5397,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5309,8 +5447,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5398,8 +5536,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5446,8 +5584,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5558,130 +5696,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5695,8 +5709,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5760,8 +5774,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5835,9 +5849,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5853,7 +5867,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5883,9 +5897,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5968,9 +5982,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5986,7 +6000,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6016,9 +6030,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6092,9 +6106,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6110,7 +6124,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6140,9 +6154,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6221,9 +6235,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,7 +6253,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6269,9 +6283,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6358,9 +6372,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6390,7 +6404,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.007874999999999998 + "risk": 0.008925 }, "relatedVulnerabilities": [ { @@ -6424,9 +6438,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6514,105 +6528,99 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.00679 + "advisories": [], + "risk": 0.008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6628,92 +6636,74 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2023-31437", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "openssl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6721,68 +6711,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.008 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6790,189 +6785,326 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-11187", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-11187", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" }, { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" }, { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -6988,74 +7120,92 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", - "version": "257.9-1~deb13u1", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -7063,73 +7213,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7137,147 +7282,178 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-11187", + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], - "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.006104999999999999 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -7293,46 +7469,43 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -7340,18 +7513,46 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" ], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -7368,9 +7569,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7386,7 +7587,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00625 }, "relatedVulnerabilities": [ { @@ -7418,9 +7619,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7494,9 +7695,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7512,7 +7713,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00625 }, "relatedVulnerabilities": [ { @@ -7544,9 +7745,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7561,141 +7762,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", - "type": "deb", - "locations": [ - { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", - "namespace": "debian:distro:debian:13", - "severity": "High", - "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.00477 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" - ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7703,92 +7770,39 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { @@ -7803,9 +7817,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -7821,7 +7835,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00585 }, "relatedVulnerabilities": [ { @@ -7853,9 +7867,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -7929,9 +7943,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -7947,7 +7961,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00585 }, "relatedVulnerabilities": [ { @@ -7979,9 +7993,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -8041,87 +8055,102 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00495 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8136,27 +8165,30 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-14159", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } @@ -8165,112 +8197,98 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", "upstreams": [ { - "name": "openldap" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "3.8.9-3+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u1", - "date": "2026-01-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8286,30 +8304,27 @@ "version": "13" }, "package": { - "name": "gnutls28", - "version": "3.8.9-3" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u1" + "vulnerabilityID": "CVE-2017-14159", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", + "path": "/var/lib/dpkg/status.d/libldap2", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } @@ -8318,12 +8333,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "gnutls28" + "name": "openldap" } ] } @@ -8354,8 +8369,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00625, - "date": "2026-02-23" + "percentile": 0.00651, + "date": "2026-03-09" } ], "cwes": [ @@ -8402,8 +8417,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00625, - "date": "2026-02-23" + "percentile": 0.00651, + "date": "2026-03-09" } ], "cwes": [ @@ -8467,25 +8482,25 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8495,47 +8510,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8552,27 +8565,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -8581,114 +8594,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8704,60 +8698,41 @@ "version": "13" }, "package": { - "name": "zlib", - "version": "1:1.3.dfsg+really1.3.1-1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9624b8abfaf8a472", - "name": "zlib1g", - "version": "1:1.3.dfsg+really1.3.1-1+b1", + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", "type": "deb", "locations": [ - { - "path": "/var/lib/dpkg/status.d/zlib1g", - "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/zlib1g/copyright", - "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", - "accessPath": "/usr/share/doc/zlib1g/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/zlib1g.md5sums", - "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", - "accessPath": "/var/lib/dpkg/status.d/zlib1g.md5sums", + { + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Zlib" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.3.dfsg\\+really1.3.1-1\\+b1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64&distro=debian-13&upstream=zlib%401%3A1.3.dfsg%2Breally1.3.1-1", + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "zlib", - "version": "1:1.3.dfsg+really1.3.1-1" + "name": "krb5" } ] } @@ -8774,9 +8749,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8792,7 +8767,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8822,9 +8797,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8859,15 +8834,15 @@ } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -8876,18 +8851,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8907,9 +8878,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8925,7 +8896,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8955,9 +8926,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8992,15 +8963,15 @@ } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -9009,9 +8980,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -9021,25 +8992,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -9049,45 +9020,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -9104,27 +9077,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -9133,91 +9106,114 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], "risk": 0.00315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9233,41 +9229,60 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "zlib", + "version": "1:1.3.dfsg+really1.3.1-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2026-27171", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "9624b8abfaf8a472", + "name": "zlib1g", + "version": "1:1.3.dfsg+really1.3.1-1+b1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/zlib1g", "layerID": "sha256:01f300abc7fddb4f6588d3f2de4f3c08c20226c26ccec68a73ec8c60a8328af8", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/zlib1g/copyright", + "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", + "accessPath": "/usr/share/doc/zlib1g/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/zlib1g.md5sums", + "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", + "accessPath": "/var/lib/dpkg/status.d/zlib1g.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Zlib" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.3.dfsg\\+really1.3.1-1\\+b1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/zlib1g@1%3A1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64&distro=debian-13&upstream=zlib%401%3A1.3.dfsg%2Breally1.3.1-1", "upstreams": [ { - "name": "krb5" + "name": "zlib", + "version": "1:1.3.dfsg+really1.3.1-1" } ] } @@ -9297,9 +9312,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -9324,7 +9339,7 @@ ] }, "advisories": [], - "risk": 0.002625 + "risk": 0.00315 }, "relatedVulnerabilities": [ { @@ -9355,9 +9370,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -9469,8 +9484,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9535,8 +9550,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9635,8 +9650,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9702,8 +9717,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9784,8 +9799,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9851,8 +9866,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9929,8 +9944,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -9979,8 +9994,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10055,8 +10070,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10110,8 +10125,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10191,9 +10206,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -10201,7 +10216,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -10234,9 +10249,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -10303,8 +10318,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10352,8 +10367,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10574,7 +10589,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -10753,107 +10768,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.2.1.md b/docs/security/oss/grype-4.2.1.md index 980d68f..f311dfb 100644 --- a/docs/security/oss/grype-4.2.1.md +++ b/docs/security/oss/grype-4.2.1.md @@ -6,22 +6,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.2.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.2.1 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Medium | -| fluent-bit | 4.2.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Medium | +| fluent-bit | 4.2.1 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | @@ -36,38 +36,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap2 | 2.6.10+dfsg-1 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.41-12 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap2 | 2.6.10+dfsg-1 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible | diff --git a/docs/security/oss/grype-4.2.2.json b/docs/security/oss/grype-4.2.2.json index 62a8a39..0f3a0cd 100644 --- a/docs/security/oss/grype-4.2.2.json +++ b/docs/security/oss/grype-4.2.2.json @@ -7,7 +7,7 @@ "namespace": "debian:distro:debian:13", "severity": "Critical", "urls": [], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -25,9 +25,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -57,7 +57,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.6316800000000001 + "risk": 0.9494 }, "relatedVulnerabilities": [ { @@ -72,9 +72,10 @@ "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://openssl-library.org/news/secadv/20260127.txt", - "http://www.openwall.com/lists/oss-security/2026/01/27/10" + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6" ], - "description": "Issue summary: Parsing CMS AuthEnvelopedData message with maliciously\ncrafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", @@ -92,9 +93,9 @@ "epss": [ { "cve": "CVE-2025-15467", - "epss": 0.00672, - "percentile": 0.71001, - "date": "2026-02-23" + "epss": 0.0101, + "percentile": 0.7681, + "date": "2026-03-09" } ], "cwes": [ @@ -193,8 +194,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -328,8 +329,8 @@ { "cve": "CVE-2011-3389", "epss": 0.03795, - "percentile": 0.87837, - "date": "2026-02-23" + "percentile": 0.87877, + "date": "2026-03-09" } ], "cwes": [ @@ -393,100 +394,105 @@ }, { "vulnerability": { - "id": "CVE-2026-2004", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { "versions": [ - "17.8-0+deb13u1" + "3.5.4-1~deb13u2" ], "state": "fixed", "available": [ { - "version": "17.8-0+deb13u1", - "date": "2026-02-12", + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", "kind": "advisory" } ] }, "advisories": [ { - "id": "DSA-6133-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.093725 + "risk": 0.14925 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-2004", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", + "id": "CVE-2025-69420", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://www.postgresql.org/support/security/CVE-2026-2004/" + "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", + "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", + "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", + "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", + "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-2004", - "epss": 0.00115, - "percentile": 0.30295, - "date": "2026-02-23" + "cve": "CVE-2025-69420", + "epss": 0.00199, + "percentile": 0.41813, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-2004", - "cwe": "CWE-1287", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "cve": "CVE-2025-69420", + "cwe": "CWE-754", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -502,63 +508,92 @@ "version": "13" }, "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-2004", - "versionConstraint": "< 17.8-0+deb13u1 (deb)" + "vulnerabilityID": "CVE-2025-69420", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { - "suggestedVersion": "17.8-0+deb13u1" + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "4876b68eb369aa41", - "name": "libpq5", - "version": "17.6-0+deb13u1", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libpq5", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libpq5", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "postgresql-17" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2015-3276", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { @@ -566,27 +601,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08785 + "risk": 0.14355 }, "relatedVulnerabilities": [ { - "id": "CVE-2015-3276", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", + "id": "CVE-2017-17740", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://rhn.redhat.com/errata/RHSA-2015-2131.html", - "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", - "http://www.securitytracker.com/id/1034221", - "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", + "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", + "http://www.openldap.org/its/index.cgi/Incoming?id=8759", + "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", + "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -598,7 +634,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -609,10 +645,18 @@ ], "epss": [ { - "cve": "CVE-2015-3276", - "epss": 0.01757, - "percentile": 0.82309, - "date": "2026-02-23" + "cve": "CVE-2017-17740", + "epss": 0.02871, + "percentile": 0.86062, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2017-17740", + "cwe": "CWE-119", + "source": "nvd@nist.gov", + "type": "Primary" } ] } @@ -633,7 +677,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2015-3276", + "vulnerabilityID": "CVE-2017-17740", "versionConstraint": "none (unknown)" } } @@ -668,90 +712,101 @@ }, { "vulnerability": { - "id": "CVE-2018-20796", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-2004", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", - "cvss": [], + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", + "cvss": [ + { + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "17.8-0+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "17.8-0+deb13u1", + "date": "2026-02-12", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.08345000000000001 + "advisories": [ + { + "id": "DSA-6133-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6133-1" + } + ], + "risk": 0.093725 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-20796", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", + "id": "CVE-2026-2004", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-2004", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://www.securityfocus.com/bid/107160", - "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "https://security.netapp.com/advisory/ntap-20190315-0002/", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://www.postgresql.org/support/security/CVE-2026-2004/" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", + "description": "Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 }, "vendorMetadata": {} - }, + } + ], + "epss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-20796", - "epss": 0.01669, - "percentile": 0.81831, - "date": "2026-02-23" + "cve": "CVE-2026-2004", + "epss": 0.00115, + "percentile": 0.30109, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-20796", - "cwe": "CWE-674", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2026-2004", + "cwe": "CWE-1287", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "type": "Secondary" } ] } @@ -766,117 +821,63 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-20796", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2026-2004", + "versionConstraint": "< 17.8-0+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "17.8-0+deb13u1" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "4876b68eb369aa41", + "name": "libpq5", + "version": "17.6-0+deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/var/lib/dpkg/status.d/libpq5", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libpq5", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libpq5:libpq5:17.6-0\\+deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libpq5@17.6-0%2Bdeb13u1?arch=amd64&distro=debian-13&upstream=postgresql-17", "upstreams": [ { - "name": "glibc" + "name": "postgresql-17" } ] } }, { "vulnerability": { - "id": "CVE-2017-17740", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2015-3276", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ], "fix": { @@ -884,28 +885,27 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.08215 + "risk": 0.08785 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-17740", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-17740", + "id": "CVE-2015-3276", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2015-3276", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html", - "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html", - "http://www.openldap.org/its/index.cgi/Incoming?id=8759", - "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "http://rhn.redhat.com/errata/RHSA-2015-2131.html", + "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", + "http://www.securitytracker.com/id/1034221", + "https://bugzilla.redhat.com/show_bug.cgi?id=1238322" ], - "description": "contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.", + "description": "The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -917,7 +917,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -928,18 +928,10 @@ ], "epss": [ { - "cve": "CVE-2017-17740", - "epss": 0.01643, - "percentile": 0.81681, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2017-17740", - "cwe": "CWE-119", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2015-3276", + "epss": 0.01757, + "percentile": 0.82337, + "date": "2026-03-09" } ] } @@ -960,7 +952,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-17740", + "vulnerabilityID": "CVE-2015-3276", "versionConstraint": "none (unknown)" } } @@ -995,25 +987,25 @@ }, { "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1023,25 +1015,28 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.07425000000000001 + "risk": 0.0746 }, "relatedVulnerabilities": [ { - "id": "CVE-2018-5709", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "id": "CVE-2018-20796", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-20796", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", - "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + "http://www.securityfocus.com/bid/107160", + "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "https://security.netapp.com/advisory/ntap-20190315-0002/", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" ], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { "baseScore": 7.5, "exploitabilityScore": 3.9, @@ -1053,7 +1048,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -1064,16 +1059,16 @@ ], "epss": [ { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "cve": "CVE-2018-20796", + "epss": 0.01492, + "percentile": 0.80809, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-5709", - "cwe": "CWE-190", + "cve": "CVE-2018-20796", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -1090,69 +1085,254 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2018-5709", + "vulnerabilityID": "CVE-2018-20796", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", - "version": "1.21.3-5", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", - "upstreams": [ + }, { - "name": "krb5" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2018-5709", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", - "cvss": [], - "epss": [ + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, { - "cve": "CVE-2018-5709", - "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], + "cpes": [ + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.07425000000000001 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-5709", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-5709", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow", + "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E" + ], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-5709", + "cwe": "CWE-190", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "krb5", + "version": "1.21.3-5" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2018-5709", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "upstreams": [ + { + "name": "krb5" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2018-5709", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-5709", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry->n_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-5709", + "epss": 0.01485, + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1211,8 +1391,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1287,8 +1467,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1347,8 +1527,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1428,8 +1608,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1488,8 +1668,8 @@ { "cve": "CVE-2018-5709", "epss": 0.01485, - "percentile": 0.80751, - "date": "2026-02-23" + "percentile": 0.80765, + "date": "2026-03-09" } ], "cwes": [ @@ -1577,8 +1757,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1638,8 +1818,8 @@ { "cve": "CVE-2026-2006", "epss": 0.00075, - "percentile": 0.22584, - "date": "2026-02-23" + "percentile": 0.22442, + "date": "2026-03-09" } ], "cwes": [ @@ -1730,8 +1910,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1791,8 +1971,8 @@ { "cve": "CVE-2026-2005", "epss": 0.00066, - "percentile": 0.20357, - "date": "2026-02-23" + "percentile": 0.20179, + "date": "2026-03-09" } ], "cwes": [ @@ -1859,16 +2039,16 @@ }, { "vulnerability": { - "id": "CVE-2025-69420", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An application calling TS_RESP_verify_response() with a malformed TimeStamp Response can be caused to dereference an invalid or NULL pointer when reading, resulting in a Denial of Service. The functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2() access the signing cert attribute value without validating its type. When the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory through the ASN1_TYPE union, causing a crash. Exploiting this vulnerability requires an attacker to provide a malformed TimeStamp Response to an application that verifies timestamp responses. The TimeStamp protocol (RFC 3161) is not widely used and the impact of the exploit is just a Denial of Service. For these reasons the issue was assessed as Low severity. The FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the TimeStamp Response implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { @@ -1881,16 +2061,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -1914,24 +2094,36 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.0525 + "risk": 0.048749999999999995 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69420", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69420", + "id": "CVE-2025-69421", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/27c7012c91cc986a598d7540f3079dfde2416eb9", - "https://github.com/openssl/openssl/commit/4e254b48ad93cc092be3dd62d97015f33f73133a", - "https://github.com/openssl/openssl/commit/564fd9c73787f25693bf9e75faf7bf6bb1305d4e", - "https://github.com/openssl/openssl/commit/5eb0770ffcf11b785cf374ff3c19196245e54f1b", - "https://github.com/openssl/openssl/commit/a99349ebfc519999edc50620abe24d599b9eb085", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: A type confusion vulnerability exists in the TimeStamp Response\nverification code where an ASN1_TYPE union member is accessed without first\nvalidating the type, causing an invalid or NULL pointer dereference when\nprocessing a malformed TimeStamp Response file.\n\nImpact summary: An application calling TS_RESP_verify_response() with a\nmalformed TimeStamp Response can be caused to dereference an invalid or\nNULL pointer when reading, resulting in a Denial of Service.\n\nThe functions ossl_ess_get_signing_cert() and ossl_ess_get_signing_cert_v2()\naccess the signing cert attribute value without validating its type.\nWhen the type is not V_ASN1_SEQUENCE, this results in accessing invalid memory\nthrough the ASN1_TYPE union, causing a crash.\n\nExploiting this vulnerability requires an attacker to provide a malformed\nTimeStamp Response to an application that verifies timestamp responses. The\nTimeStamp protocol (RFC 3161) is not widely used and the impact of the\nexploit is just a Denial of Service. For these reasons the issue was\nassessed as Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the TimeStamp Response implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -1947,16 +2139,16 @@ ], "epss": [ { - "cve": "CVE-2025-69420", - "epss": 0.0007, - "percentile": 0.21337, - "date": "2026-02-23" + "cve": "CVE-2025-69421", + "epss": 0.00065, + "percentile": 0.19862, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69420", - "cwe": "CWE-754", + "cve": "CVE-2025-69421", + "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -1979,7 +2171,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69420", + "vulnerabilityID": "CVE-2025-69421", "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { @@ -2038,178 +2230,38 @@ }, { "vulnerability": { - "id": "CVE-2025-13151", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", + "id": "CVE-2025-69419", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", "namespace": "debian:distro:debian:13", "severity": "High", "urls": [], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-13151", + "cve": "CVE-2025-69419", "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.044250000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-13151", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://gitlab.com/gnutls/libtasn1", - "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", - "http://www.openwall.com/lists/oss-security/2026/01/08/5", - "https://www.kb.cert.org/vuls/id/271649" - ], - "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-13151", - "epss": 0.00059, - "percentile": 0.18614, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-13151", - "cwe": "CWE-787", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "libtasn1-6", - "version": "4.20.0-2" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-13151", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "04ef2a4cf087de67", - "name": "libtasn1-6", - "version": "4.20.0-2", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libtasn1-6", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", - "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2025-69421", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69421", - "namespace": "debian:distro:debian:13", - "severity": "High", - "urls": [], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex() function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex() function does not check whether the oct parameter is NULL before dereferencing it. When called from PKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can be NULL, causing a crash. The vulnerability is limited to Denial of Service and cannot be escalated to achieve code execution or memory disclosure. Exploiting this issue requires an attacker to provide a malformed PKCS#12 file to an application that processes it. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2233,49 +2285,49 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.044250000000000005 + "risk": 0.045445 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69421", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "id": "CVE-2025-69419", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "namespace": "nvd:cpe", "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", - "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", - "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", - "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", - "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 7.4, + "exploitabilityScore": 2.3, + "impactScore": 5.2 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69421", - "epss": 0.00059, - "percentile": 0.1853, - "date": "2026-02-23" + "cve": "CVE-2025-69419", + "epss": 0.00061, + "percentile": 0.18856, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69421", - "cwe": "CWE-476", + "cve": "CVE-2025-69419", + "cwe": "CWE-787", "source": "openssl-security@openssl.org", "type": "Secondary" } @@ -2298,7 +2350,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-69421", + "vulnerabilityID": "CVE-2025-69419", "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" }, "fix": { @@ -2357,68 +2409,205 @@ }, { "vulnerability": { - "id": "CVE-2019-1010025", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "id": "CVE-2025-13151", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-13151", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "High", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", - "cvss": [], + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", + "cve": "CVE-2025-13151", + "cwe": "CWE-787", "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], - "risk": 0.0428 + "risk": 0.044250000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010025", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", + "id": "CVE-2025-13151", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010025", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010025" + "https://gitlab.com/gnutls/libtasn1", + "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121", + "http://www.openwall.com/lists/oss-security/2026/01/08/5", + "https://www.kb.cert.org/vuls/id/271649" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", + "description": "Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 7.5, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 3.6 }, "vendorMetadata": {} - }, + } + ], + "epss": [ + { + "cve": "CVE-2025-13151", + "epss": 0.00059, + "percentile": 0.18364, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-13151", + "cwe": "CWE-787", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libtasn1-6", + "version": "4.20.0-2" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-13151", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "04ef2a4cf087de67", + "name": "libtasn1-6", + "version": "4.20.0-2", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libtasn1-6", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libtasn1-6", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libtasn1-6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1-6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1_6:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1-6:4.20.0-2:*:*:*:*:*:*:*", + "cpe:2.3:a:libtasn1:libtasn1_6:4.20.0-2:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libtasn1-6@4.20.0-2?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2019-9192", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-9192", + "cwe": "CWE-674", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.043000000000000003 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-9192", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", + "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + ], + "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, { "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2429,16 +2618,16 @@ ], "epss": [ { - "cve": "CVE-2019-1010025", - "epss": 0.00856, - "percentile": 0.74635, - "date": "2026-02-23" + "cve": "CVE-2019-9192", + "epss": 0.0086, + "percentile": 0.74743, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010025", - "cwe": "CWE-330", + "cve": "CVE-2019-9192", + "cwe": "CWE-674", "source": "nvd@nist.gov", "type": "Primary" } @@ -2461,7 +2650,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010025", + "vulnerabilityID": "CVE-2019-9192", "versionConstraint": "none (unknown)" } } @@ -2545,25 +2734,25 @@ }, { "vulnerability": { - "id": "CVE-2019-9192", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2573,29 +2762,32 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.04205000000000001 + "risk": 0.0428 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-9192", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-9192", + "id": "CVE-2019-1010025", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010025", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=24269", - "https://support.f5.com/csp/article/K26346590?utm_source=f5support&%3Butm_medium=RSS" + "https://security-tracker.debian.org/tracker/CVE-2019-1010025", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22853", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010025" ], - "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "metrics": { - "baseScore": 7.5, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.5 }, "vendorMetadata": {} }, @@ -2603,7 +2795,7 @@ "source": "nvd@nist.gov", "type": "Primary", "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "metrics": { "baseScore": 5, "exploitabilityScore": 10, @@ -2614,16 +2806,16 @@ ], "epss": [ { - "cve": "CVE-2019-9192", - "epss": 0.00841, - "percentile": 0.74388, - "date": "2026-02-23" + "cve": "CVE-2019-1010025", + "epss": 0.00856, + "percentile": 0.74696, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-9192", - "cwe": "CWE-674", + "cve": "CVE-2019-1010025", + "cwe": "CWE-330", "source": "nvd@nist.gov", "type": "Primary" } @@ -2646,7 +2838,7 @@ "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-9192", + "vulnerabilityID": "CVE-2019-1010025", "versionConstraint": "none (unknown)" } } @@ -2730,105 +2922,95 @@ }, { "vulnerability": { - "id": "CVE-2025-69419", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-69419", + "id": "CVE-2025-12818", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", "namespace": "debian:distro:debian:13", - "severity": "High", + "severity": "Medium", "urls": [], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service. The OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12 BMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes, the helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16 source byte count as the destination buffer capacity to UTF8_putc(). For BMP code points above U+07FF, UTF-8 requires three bytes, but the forwarded capacity can be just two bytes. UTF8_putc() then returns -1, and this negative value is added to the output length without validation, causing the length to become negative. The subsequent trailing NUL byte is then written at a negative offset, causing write outside of heap allocated buffer. The vulnerability is reachable via the public PKCS12_get_friendlyname() API when parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a different code path that avoids this issue, PKCS12_get_friendlyname() directly invokes the vulnerable function. Exploitation requires an attacker to provide a malicious PKCS#12 file to be parsed by the application and the attacker can just trigger a one zero byte write before the allocated buffer. For that reason the issue was assessed as Low severity according to our Security Policy. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the PKCS#12 implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue. OpenSSL 1.0.2 is not affected by this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ], "fix": { "versions": [ - "3.5.4-1~deb13u2" + "17.7-0+deb13u1" ], "state": "fixed", "available": [ { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" + "version": "17.7-0+deb13u1", + "date": "2026-01-19", + "kind": "first-observed" } ] }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.04171999999999999 + "advisories": [], + "risk": 0.040330000000000005 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-69419", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "id": "CVE-2025-12818", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", - "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", - "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", - "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", - "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://www.postgresql.org/support/security/CVE-2025-12818/" ], - "description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.4, + "baseScore": 5.9, "exploitabilityScore": 2.3, - "impactScore": 5.2 + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-69419", - "epss": 0.00056, - "percentile": 0.17516, - "date": "2026-02-23" + "cve": "CVE-2025-12818", + "epss": 0.00074, + "percentile": 0.22241, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-69419", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2025-12818", + "cwe": "CWE-190", + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary" } ] @@ -2844,177 +3026,8 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-69419", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" - } - } - ], - "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libssl3t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } - } - ], - "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], - "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", - "upstreams": [ - { - "name": "openssl" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2025-12818", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-12818", - "namespace": "debian:distro:debian:13", - "severity": "Medium", - "urls": [], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ], - "fix": { - "versions": [ - "17.7-0+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "17.7-0+deb13u1", - "date": "2026-01-19", - "kind": "first-observed" - } - ] - }, - "advisories": [], - "risk": 0.040330000000000005 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-12818", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-12818", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://www.postgresql.org/support/security/CVE-2025-12818/" - ], - "description": "Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.", - "cvss": [ - { - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-12818", - "epss": 0.00074, - "percentile": 0.2238, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-12818", - "cwe": "CWE-190", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "postgresql-17", - "version": "17.6-0+deb13u1" + "name": "postgresql-17", + "version": "17.6-0+deb13u1" }, "namespace": "debian:distro:debian:13" }, @@ -3081,8 +3094,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -3129,8 +3142,8 @@ { "cve": "CVE-2025-15281", "epss": 0.00053, - "percentile": 0.16639, - "date": "2026-02-23" + "percentile": 0.16377, + "date": "2026-03-09" } ], "cwes": [ @@ -3241,101 +3254,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2025-29478", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-29478", - "epss": 0.00071, - "percentile": 0.2163, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-29478", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "" - }, - "advisories": [], - "risk": 0.037275 - }, - "relatedVulnerabilities": [], - "matchDetails": [ - { - "type": "cpe-match", - "matcher": "stock-matcher", - "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], - "package": { - "name": "fluent-bit", - "version": "4.2.2" - } - }, - "found": { - "vulnerabilityID": "CVE-2025-29478", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] - } - } - ], - "artifact": { - "id": "4bf1f6f079d3164c", - "name": "fluent-bit", - "version": "4.2.2", - "type": "binary", - "locations": [ - { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", - "accessPath": "/fluent-bit/bin/fluent-bit", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], - "purl": "pkg:github/fluent/fluent-bit@4.2.2", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2026-22796", @@ -3361,9 +3279,9 @@ "epss": [ { "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ @@ -3393,7 +3311,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.03605 + "risk": 0.039654999999999996 }, "relatedVulnerabilities": [ { @@ -3427,9 +3345,9 @@ "epss": [ { "cve": "CVE-2026-22796", - "epss": 0.0007, - "percentile": 0.21552, - "date": "2026-02-23" + "epss": 0.00077, + "percentile": 0.22754, + "date": "2026-03-09" } ], "cwes": [ @@ -3517,191 +3435,97 @@ }, { "vulnerability": { - "id": "CVE-2019-1010024", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "id": "CVE-2025-29478", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29478", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" + "cve": "CVE-2025-29478", + "epss": 0.00071, + "percentile": 0.21438, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29478", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.0323 + "risk": 0.037275 }, - "relatedVulnerabilities": [ - { - "id": "CVE-2019-1010024", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "http://www.securityfocus.com/bid/109162", - "https://security-tracker.debian.org/tracker/CVE-2019-1010024", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", - "https://support.f5.com/csp/article/K06046097", - "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010024" - ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2019-1010024", - "epss": 0.00646, - "percentile": 0.70329, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2019-1010024", - "cwe": "CWE-200", - "source": "nvd@nist.gov", - "type": "Primary" - } - ] - } - ], + "relatedVulnerabilities": [], "matchDetails": [ { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", + "type": "cpe-match", + "matcher": "stock-matcher", "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], "package": { - "name": "glibc", - "version": "2.41-12" - }, - "namespace": "debian:distro:debian:13" + "name": "fluent-bit", + "version": "4.2.2" + } }, "found": { - "vulnerabilityID": "CVE-2019-1010024", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-29478", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", - "type": "deb", + "id": "4bf1f6f079d3164c", + "name": "fluent-bit", + "version": "4.2.2", + "type": "binary", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", + "accessPath": "/fluent-bit/bin/fluent-bit", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:github/fluent/fluent-bit@4.2.2", + "upstreams": [] } }, { @@ -3729,9 +3553,9 @@ "epss": [ { "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ @@ -3756,7 +3580,7 @@ ] }, "advisories": [], - "risk": 0.032155 + "risk": 0.03488000000000001 }, "relatedVulnerabilities": [ { @@ -3789,9 +3613,9 @@ "epss": [ { "cve": "CVE-2025-66199", - "epss": 0.00059, - "percentile": 0.18433, - "date": "2026-02-23" + "epss": 0.00064, + "percentile": 0.19756, + "date": "2026-03-09" } ], "cwes": [ @@ -3879,97 +3703,191 @@ }, { "vulnerability": { - "id": "CVE-2025-29477", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" - ], - "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 0.8, - "impactScore": 4.8 - }, - "vendorMetadata": {} - } - ], + "id": "CVE-2019-1010024", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-29477", - "epss": 0.00053, - "percentile": 0.16638, - "date": "2026-02-23" + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-29477", - "cwe": "CWE-400", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" } ], "fix": { "versions": [], - "state": "" + "state": "not-fixed" }, "advisories": [], - "risk": 0.027825000000000003 + "risk": 0.0323 }, - "relatedVulnerabilities": [], - "matchDetails": [ + "relatedVulnerabilities": [ { - "type": "cpe-match", - "matcher": "stock-matcher", + "id": "CVE-2019-1010024", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010024", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "http://www.securityfocus.com/bid/109162", + "https://security-tracker.debian.org/tracker/CVE-2019-1010024", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22852", + "https://support.f5.com/csp/article/K06046097", + "https://support.f5.com/csp/article/K06046097?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010024" + ], + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010024", + "epss": 0.00646, + "percentile": 0.70355, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2019-1010024", + "cwe": "CWE-200", + "source": "nvd@nist.gov", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", "searchedBy": { - "namespace": "nvd:cpe", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" - ], + "distro": { + "type": "debian", + "version": "13" + }, "package": { - "name": "fluent-bit", - "version": "4.2.2" - } + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-29477", - "versionConstraint": "none (unknown)", - "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" - ] + "vulnerabilityID": "CVE-2019-1010024", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "4bf1f6f079d3164c", - "name": "fluent-bit", - "version": "4.2.2", - "type": "binary", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", + "type": "deb", "locations": [ { - "path": "/fluent-bit/bin/fluent-bit", - "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", - "accessPath": "/fluent-bit/bin/fluent-bit", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:github/fluent/fluent-bit@4.2.2", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { @@ -3997,9 +3915,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -4024,7 +3942,7 @@ ] }, "advisories": [], - "risk": 0.026160000000000003 + "risk": 0.02834 }, "relatedVulnerabilities": [ { @@ -4057,9 +3975,9 @@ "epss": [ { "cve": "CVE-2025-15468", - "epss": 0.00048, - "percentile": 0.14757, - "date": "2026-02-23" + "epss": 0.00052, + "percentile": 0.15861, + "date": "2026-03-09" } ], "cwes": [ @@ -4147,83 +4065,302 @@ }, { "vulnerability": { - "id": "CVE-2018-6829", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [], + "id": "CVE-2025-29477", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-29477", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md" + ], + "description": "An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 0.8, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" + "cve": "CVE-2025-29477", + "epss": 0.00053, + "percentile": 0.16375, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2018-6829", - "cwe": "CWE-327", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-29477", + "cwe": "CWE-400", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "" }, "advisories": [], - "risk": 0.025750000000000002 + "risk": 0.027825000000000003 }, - "relatedVulnerabilities": [ + "relatedVulnerabilities": [], + "matchDetails": [ { - "id": "CVE-2018-6829", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", - "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", - "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", - "https://www.oracle.com/security-alerts/cpujan2020.html" - ], - "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "metrics": { - "baseScore": 5, - "exploitabilityScore": 10, - "impactScore": 2.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2018-6829", - "epss": 0.00515, - "percentile": 0.66163, - "date": "2026-02-23" + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "package": { + "name": "fluent-bit", + "version": "4.2.2" } - ], + }, + "found": { + "vulnerabilityID": "CVE-2025-29477", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "4bf1f6f079d3164c", + "name": "fluent-bit", + "version": "4.2.2", + "type": "binary", + "locations": [ + { + "path": "/fluent-bit/bin/fluent-bit", + "layerID": "sha256:389679d63ab333a8f66731ea1ca44c92298c8346f1b5fd0f859f38645c8af44d", + "accessPath": "/fluent-bit/bin/fluent-bit", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:treasuredata:fluent_bit:4.2.2:*:*:*:*:*:*:*" + ], + "purl": "pkg:github/fluent/fluent-bit@4.2.2", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2024-2236", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.0275 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2024-2236", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://access.redhat.com/errata/RHSA-2024:9404", + "https://access.redhat.com/errata/RHSA-2025:3530", + "https://access.redhat.com/errata/RHSA-2025:3534", + "https://access.redhat.com/security/cve/CVE-2024-2236", + "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" + ], + "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 5.9, + "exploitabilityScore": 2.3, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2024-2236", + "epss": 0.0055, + "percentile": 0.67585, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2024-2236", + "cwe": "CWE-385", + "source": "secalert@redhat.com", + "type": "Primary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-direct-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "libgcrypt20", + "version": "1.11.0-7" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2024-2236", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "5826072934743d2f", + "name": "libgcrypt20", + "version": "1.11.0-7", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgcrypt20", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2018-6829", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2018-6829", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2018-6829", + "cwe": "CWE-327", + "source": "nvd@nist.gov", + "type": "Primary" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.025750000000000002 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2018-6829", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2018-6829", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", + "https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki", + "https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html", + "https://www.oracle.com/security-alerts/cpujan2020.html" + ], + "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "metrics": { + "baseScore": 5, + "exploitabilityScore": 10, + "impactScore": 2.9 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2018-6829", + "epss": 0.00515, + "percentile": 0.66224, + "date": "2026-03-09" + } + ], "cwes": [ { "cve": "CVE-2018-6829", @@ -4305,8 +4442,8 @@ { "cve": "CVE-2026-2003", "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ @@ -4366,8 +4503,8 @@ { "cve": "CVE-2026-2003", "epss": 0.00049, - "percentile": 0.15197, - "date": "2026-02-23" + "percentile": 0.14888, + "date": "2026-03-09" } ], "cwes": [ @@ -4458,8 +4595,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ @@ -4514,8 +4651,8 @@ { "cve": "CVE-2025-12817", "epss": 0.00066, - "percentile": 0.20362, - "date": "2026-02-23" + "percentile": 0.20185, + "date": "2026-03-09" } ], "cwes": [ @@ -4606,8 +4743,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ @@ -4655,8 +4792,8 @@ { "cve": "CVE-2025-14819", "epss": 0.00039, - "percentile": 0.11852, - "date": "2026-02-23" + "percentile": 0.11553, + "date": "2026-03-09" } ], "cwes": [ @@ -4720,173 +4857,19 @@ }, { "vulnerability": { - "id": "CVE-2025-14831", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", + "id": "CVE-2010-4756", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Primary" - } - ], - "fix": { - "versions": [ - "3.8.9-3+deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u2", - "date": "2026-02-18", - "kind": "advisory" - } - ] - }, - "advisories": [ - { - "id": "DSA-6140-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" - } - ], - "risk": 0.020085 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2025-14831", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-14831", - "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" - ], - "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-14831", - "epss": 0.00039, - "percentile": 0.1166, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-14831", - "cwe": "CWE-407", - "source": "secalert@redhat.com", - "type": "Primary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "gnutls28", - "version": "3.8.9-3" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2025-14831", - "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u2" - } - } - ], - "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", - "upstreams": [ - { - "name": "gnutls28" - } - ] - } - }, - { - "vulnerability": { - "id": "CVE-2010-4756", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2010-4756", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2010-4756", - "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" + "cve": "CVE-2010-4756", + "epss": 0.00394, + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ @@ -4937,8 +4920,8 @@ { "cve": "CVE-2010-4756", "epss": 0.00394, - "percentile": 0.59824, - "date": "2026-02-23" + "percentile": 0.59883, + "date": "2026-03-09" } ], "cwes": [ @@ -5051,86 +5034,103 @@ }, { "vulnerability": { - "id": "CVE-2019-1010023", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "id": "CVE-2025-14831", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-14831", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", - "cvss": [], + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.8.9-3+deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u2", + "date": "2026-02-18", + "kind": "advisory" + } + ] }, - "advisories": [], - "risk": 0.0161 + "advisories": [ + { + "id": "DSA-6140-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6140-1" + } + ], + "risk": 0.019055 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010023", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "id": "CVE-2025-14831", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-14831", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "http://www.securityfocus.com/bid/109167", - "https://security-tracker.debian.org/tracker/CVE-2019-1010023", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", - "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", - "https://ubuntu.com/security/CVE-2019-1010023" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-14831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2423177" ], - "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.8, - "exploitabilityScore": 2.9, - "impactScore": 5.9 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "metrics": { - "baseScore": 6.8, - "exploitabilityScore": 8.6, - "impactScore": 6.5 - }, - "vendorMetadata": {} - }, - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "source": "secalert@redhat.com", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 5.4, - "exploitabilityScore": 2.9, - "impactScore": 2.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010023", - "epss": 0.00322, - "percentile": 0.54833, - "date": "2026-02-23" + "cve": "CVE-2025-14831", + "epss": 0.00037, + "percentile": 0.10602, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-14831", + "cwe": "CWE-407", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -5145,19 +5145,157 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010023", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-14831", + "versionConstraint": "< 3.8.9-3+deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u2" } } ], "artifact": { - "id": "2cb52e846633a3fb", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libgnutls30t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", + "annotations": { + "evidence": "primary" + } + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", + "upstreams": [ + { + "name": "gnutls28" + } + ] + } + }, + { + "vulnerability": { + "id": "CVE-2019-1010023", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "namespace": "debian:distro:debian:13", + "severity": "Negligible", + "urls": [], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" + } + ], + "fix": { + "versions": [], + "state": "not-fixed" + }, + "advisories": [], + "risk": 0.01565 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2019-1010023", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010023", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://www.securityfocus.com/bid/109167", + "https://security-tracker.debian.org/tracker/CVE-2019-1010023", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22851", + "https://support.f5.com/csp/article/K11932200?utm_source=f5support&%3Butm_medium=RSS", + "https://ubuntu.com/security/CVE-2019-1010023" + ], + "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "metrics": { + "baseScore": 8.8, + "exploitabilityScore": 2.9, + "impactScore": 5.9 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 6.8, + "exploitabilityScore": 8.6, + "impactScore": 6.5 + }, + "vendorMetadata": {} + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "metrics": { + "baseScore": 5.4, + "exploitabilityScore": 2.9, + "impactScore": 2.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2019-1010023", + "epss": 0.00313, + "percentile": 0.54089, + "date": "2026-03-09" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "glibc", + "version": "2.41-12" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2019-1010023", + "versionConstraint": "none (unknown)" + } + } + ], + "artifact": { + "id": "2cb52e846633a3fb", "name": "libc6", "version": "2.41-12", "type": "deb", @@ -5259,8 +5397,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5309,8 +5447,8 @@ { "cve": "CVE-2025-14524", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -5398,8 +5536,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5446,8 +5584,8 @@ { "cve": "CVE-2026-0915", "epss": 0.00019, - "percentile": 0.04651, - "date": "2026-02-23" + "percentile": 0.04647, + "date": "2026-03-09" } ], "cwes": [ @@ -5558,130 +5696,6 @@ ] } }, - { - "vulnerability": { - "id": "CVE-2024-2236", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-2236", - "namespace": "debian:distro:debian:13", - "severity": "Negligible", - "urls": [], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "not-fixed" - }, - "advisories": [], - "risk": 0.011100000000000002 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2024-2236", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-2236", - "namespace": "nvd:cpe", - "severity": "Medium", - "urls": [ - "https://access.redhat.com/errata/RHSA-2024:9404", - "https://access.redhat.com/errata/RHSA-2025:3530", - "https://access.redhat.com/errata/RHSA-2025:3534", - "https://access.redhat.com/security/cve/CVE-2024-2236", - "https://bugzilla.redhat.com/show_bug.cgi?id=2245218", - "https://bugzilla.redhat.com/show_bug.cgi?id=2268268" - ], - "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "metrics": { - "baseScore": 5.9, - "exploitabilityScore": 2.3, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2024-2236", - "epss": 0.00222, - "percentile": 0.44529, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2024-2236", - "cwe": "CWE-208", - "source": "secalert@redhat.com", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "libgcrypt20", - "version": "1.11.0-7" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2024-2236", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "5826072934743d2f", - "name": "libgcrypt20", - "version": "1.11.0-7", - "type": "deb", - "locations": [ - { - "path": "/var/lib/dpkg/status.d/libgcrypt20", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgcrypt20", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:libgcrypt20:libgcrypt20:1.11.0-7:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/debian/libgcrypt20@1.11.0-7?arch=amd64&distro=debian-13", - "upstreams": [] - } - }, { "vulnerability": { "id": "CVE-2020-15719", @@ -5695,8 +5709,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5760,8 +5774,8 @@ { "cve": "CVE-2020-15719", "epss": 0.00216, - "percentile": 0.43918, - "date": "2026-02-23" + "percentile": 0.43824, + "date": "2026-03-09" } ], "cwes": [ @@ -5835,9 +5849,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5853,7 +5867,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -5883,9 +5897,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5968,9 +5982,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -5986,7 +6000,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6016,9 +6030,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6092,9 +6106,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6110,7 +6124,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6140,9 +6154,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6221,9 +6235,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6239,7 +6253,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0106 + "risk": 0.0103 }, "relatedVulnerabilities": [ { @@ -6269,9 +6283,9 @@ "epss": [ { "cve": "CVE-2024-26458", - "epss": 0.00212, - "percentile": 0.43562, - "date": "2026-02-23" + "epss": 0.00206, + "percentile": 0.42713, + "date": "2026-03-09" } ], "cwes": [ @@ -6358,9 +6372,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6390,7 +6404,7 @@ "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" } ], - "risk": 0.007874999999999998 + "risk": 0.008925 }, "relatedVulnerabilities": [ { @@ -6424,9 +6438,9 @@ "epss": [ { "cve": "CVE-2026-22795", - "epss": 0.00015, - "percentile": 0.03073, - "date": "2026-02-23" + "epss": 0.00017, + "percentile": 0.03749, + "date": "2026-03-09" } ], "cwes": [ @@ -6514,105 +6528,99 @@ }, { "vulnerability": { - "id": "CVE-2025-68160", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", - "cvss": [ + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "cvss": [], + "epss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-27", - "kind": "advisory" - } - ] + "versions": [], + "state": "not-fixed" }, - "advisories": [ - { - "id": "DSA-6113-1", - "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" - } - ], - "risk": 0.00679 + "advisories": [], + "risk": 0.008 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-68160", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", - "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", - "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", - "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", - "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "metrics": { + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 + }, + "vendorMetadata": {} + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-68160", - "epss": 0.00014, - "percentile": 0.02559, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-68160", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "nvd@nist.gov", + "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -6628,92 +6636,74 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-68160", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2023-31437", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "4f3b916d8498c51d", + "name": "libsystemd0", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libsystemd0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "accessPath": "/var/lib/dpkg/status.d/libsystemd0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", "upstreams": [ { - "name": "openssl" + "name": "systemd" } ] } }, { "vulnerability": { - "id": "CVE-2019-1010022", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "id": "CVE-2023-31437", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ], "fix": { @@ -6721,68 +6711,73 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00655 + "risk": 0.008 }, "relatedVulnerabilities": [ { - "id": "CVE-2019-1010022", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", + "id": "CVE-2023-31437", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", "namespace": "nvd:cpe", - "severity": "Critical", + "severity": "Medium", "urls": [ - "https://security-tracker.debian.org/tracker/CVE-2019-1010022", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", - "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", - "https://ubuntu.com/security/CVE-2019-1010022" + "https://github.com/kastel-security/Journald", + "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", + "https://github.com/systemd/systemd/releases" ], - "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", + "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.0", - "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 9.8, + "baseScore": 5.3, "exploitabilityScore": 3.9, - "impactScore": 5.9 + "impactScore": 1.5 }, "vendorMetadata": {} }, { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 10, - "impactScore": 6.5 + "baseScore": 5.3, + "exploitabilityScore": 3.9, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2019-1010022", - "epss": 0.00131, - "percentile": 0.32792, - "date": "2026-02-23" + "cve": "CVE-2023-31437", + "epss": 0.0016, + "percentile": 0.3668, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2019-1010022", - "cwe": "CWE-119", + "cve": "CVE-2023-31437", + "cwe": "CWE-354", "source": "nvd@nist.gov", "type": "Primary" + }, + { + "cve": "CVE-2023-31437", + "cwe": "CWE-354", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -6790,189 +6785,326 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2019-1010022", + "vulnerabilityID": "CVE-2023-31437", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" + "licenses": [], + "cpes": [ + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + ], + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] + } + }, + { + "vulnerability": { + "id": "CVE-2025-68160", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-68160", + "namespace": "debian:distro:debian:13", + "severity": "Medium", + "urls": [], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading to Denial of Service for an application. The line-buffering BIO filter (BIO_f_linebuffer) is not used by default in TLS/SSL data paths. In OpenSSL command-line applications, it is typically only pushed onto stdout/stderr on VMS systems. Third-party applications that explicitly use this filter with a BIO chain that can short-write and that write large, newline-free data influenced by an attacker would be affected. However, the circumstances where this could happen are unlikely to be under attacker control, and BIO_f_linebuffer is unlikely to be handling non-curated data controlled by an attacker. For that reason the issue was assessed as Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the BIO implementation is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ], + "fix": { + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-27", + "kind": "advisory" + } + ] + }, + "advisories": [ + { + "id": "DSA-6113-1", + "link": "https://security-tracker.debian.org/tracker/DSA-6113-1" + } + ], + "risk": 0.00776 + }, + "relatedVulnerabilities": [ + { + "id": "CVE-2025-68160", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-68160", + "namespace": "nvd:cpe", + "severity": "Medium", + "urls": [ + "https://github.com/openssl/openssl/commit/384011202af92605d926fafe4a0bcd6b65d162ad", + "https://github.com/openssl/openssl/commit/475c466ef2fbd8fc1df6fae1c3eed9c813fc8ff6", + "https://github.com/openssl/openssl/commit/4c96fbba618e1940f038012506ee9e21d32ee12c", + "https://github.com/openssl/openssl/commit/6845c3b6460a98b1ec4e463baa2ea1a63a32d7c0", + "https://github.com/openssl/openssl/commit/68a7cd2e2816c3a02f4d45a2ce43fc04fac97096", + "https://openssl-library.org/news/secadv/20260127.txt" + ], + "description": "Issue summary: Writing large, newline-free data into a BIO chain using the\nline-buffering filter where the next BIO performs short writes can trigger\na heap-based out-of-bounds write.\n\nImpact summary: This out-of-bounds write can cause memory corruption which\ntypically results in a crash, leading to Denial of Service for an application.\n\nThe line-buffering BIO filter (BIO_f_linebuffer) is not used by default in\nTLS/SSL data paths. In OpenSSL command-line applications, it is typically\nonly pushed onto stdout/stderr on VMS systems. Third-party applications that\nexplicitly use this filter with a BIO chain that can short-write and that\nwrite large, newline-free data influenced by an attacker would be affected.\nHowever, the circumstances where this could happen are unlikely to be under\nattacker control, and BIO_f_linebuffer is unlikely to be handling non-curated\ndata controlled by an attacker. For that reason the issue was assessed as\nLow severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the BIO implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], + "epss": [ + { + "cve": "CVE-2025-68160", + "epss": 0.00016, + "percentile": 0.03618, + "date": "2026-03-09" + } + ], + "cwes": [ + { + "cve": "CVE-2025-68160", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", + "type": "Secondary" + } + ] + } + ], + "matchDetails": [ + { + "type": "exact-indirect-match", + "matcher": "dpkg-matcher", + "searchedBy": { + "distro": { + "type": "debian", + "version": "13" + }, + "package": { + "name": "openssl", + "version": "3.5.4-1~deb13u1" + }, + "namespace": "debian:distro:debian:13" + }, + "found": { + "vulnerabilityID": "CVE-2025-68160", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" + } + } + ], + "artifact": { + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", + "type": "deb", + "locations": [ + { + "path": "/var/lib/dpkg/status.d/libssl3t64", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "annotations": { + "evidence": "primary" + } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } + } + ], + "language": "", + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" ], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "glibc" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2025-11187", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-11187", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", - "cvss": [], + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.", + "cvss": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "metrics": { + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" }, { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.5.4-1~deb13u2" + ], + "state": "fixed", + "available": [ + { + "version": "3.5.4-1~deb13u2", + "date": "2026-01-28", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.007214999999999999 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2025-11187", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://openssl-library.org/news/secadv/20260127.txt" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 - }, - "vendorMetadata": {} - }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 6.1, + "exploitabilityScore": 1.4, + "impactScore": 4.8 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2025-11187", + "epss": 0.00013, + "percentile": 0.01937, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-11187", + "cwe": "CWE-476", + "source": "openssl-security@openssl.org", + "type": "Secondary" }, { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2025-11187", + "cwe": "CWE-787", + "source": "openssl-security@openssl.org", "type": "Secondary" } ] @@ -6988,74 +7120,92 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "openssl", + "version": "3.5.4-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-11187", + "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" + }, + "fix": { + "suggestedVersion": "3.5.4-1~deb13u2" } } ], "artifact": { - "id": "4f3b916d8498c51d", - "name": "libsystemd0", - "version": "257.9-1~deb13u1", + "id": "cd60076a5535e1af", + "name": "libssl3t64", + "version": "3.5.4-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libsystemd0", + "path": "/var/lib/dpkg/status.d/libssl3t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libsystemd0", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libssl3t64/copyright", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/usr/share/doc/libssl3t64/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", + "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Apache-2.0", + "Artistic", + "GPL-1", + "GPL-1+" + ], "cpes": [ - "cpe:2.3:a:libsystemd0:libsystemd0:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64&distro=debian-13&upstream=systemd", + "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", "upstreams": [ { - "name": "systemd" + "name": "openssl" } ] } }, { "vulnerability": { - "id": "CVE-2023-31437", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2023-31437", + "id": "CVE-2019-1010022", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ], "fix": { @@ -7063,73 +7213,68 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.006400000000000001 + "risk": 0.00655 }, "relatedVulnerabilities": [ { - "id": "CVE-2023-31437", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2023-31437", + "id": "CVE-2019-1010022", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2019-1010022", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "Critical", "urls": [ - "https://github.com/kastel-security/Journald", - "https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf", - "https://github.com/systemd/systemd/releases" + "https://security-tracker.debian.org/tracker/CVE-2019-1010022", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850", + "https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3", + "https://ubuntu.com/security/CVE-2019-1010022" ], - "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", + "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "cvss": [ { "source": "nvd@nist.gov", "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0", + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 5.3, + "baseScore": 9.8, "exploitabilityScore": 3.9, - "impactScore": 1.5 + "impactScore": 5.9 }, "vendorMetadata": {} }, { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "metrics": { - "baseScore": 5.3, - "exploitabilityScore": 3.9, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2023-31437", - "epss": 0.00128, - "percentile": 0.3224, - "date": "2026-02-23" + "cve": "CVE-2019-1010022", + "epss": 0.00131, + "percentile": 0.3258, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", + "cve": "CVE-2019-1010022", + "cwe": "CWE-119", "source": "nvd@nist.gov", "type": "Primary" - }, - { - "cve": "CVE-2023-31437", - "cwe": "CWE-354", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary" } ] } ], "matchDetails": [ { - "type": "exact-direct-match", + "type": "exact-indirect-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7137,147 +7282,178 @@ "version": "13" }, "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2023-31437", + "vulnerabilityID": "CVE-2019-1010022", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" + ], "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", + "upstreams": [ + { + "name": "glibc" + } + ] } }, { "vulnerability": { - "id": "CVE-2025-11187", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-11187", + "id": "CVE-2026-0861", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "High", "urls": [], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial of Service for an application that parses untrusted PKCS#12 files. The buffer overflow may also potentially enable code execution depending on platform mitigations. When verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2 salt and keylength parameters from the file are used without validation. If the value of keylength exceeds the size of the fixed stack buffer used for the derived key (64 bytes), the key derivation will overflow the buffer. The overflow length is attacker-controlled. Also, if the salt parameter is not an OCTET STRING type this can lead to invalid or NULL pointer dereference. Exploiting this issue requires a user or application to process a maliciously crafted PKCS#12 file. It is uncommon to accept untrusted PKCS#12 files in applications as they are usually used to store private keys which are trusted by definition. For this reason the issue was assessed as Moderate severity. The FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as PKCS#12 processing is outside the OpenSSL FIPS module boundary. OpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue. OpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do not support PBMAC1 in PKCS#12.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", - "type": "Secondary" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], - "fix": { - "versions": [ - "3.5.4-1~deb13u2" - ], - "state": "fixed", - "available": [ - { - "version": "3.5.4-1~deb13u2", - "date": "2026-01-28", - "kind": "first-observed" - } - ] + "cwes": [ + { + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", + "type": "Secondary" + } + ], + "fix": { + "versions": [], + "state": "wont-fix" }, "advisories": [], - "risk": 0.006104999999999999 + "risk": 0.006360000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-11187", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "id": "CVE-2026-0861", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", - "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", - "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", - "https://openssl-library.org/news/secadv/20260127.txt" + "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", + "http://www.openwall.com/lists/oss-security/2026/01/16/5" ], - "description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "metrics": { - "baseScore": 6.1, - "exploitabilityScore": 1.4, - "impactScore": 4.8 + "baseScore": 8.4, + "exploitabilityScore": 2.6, + "impactScore": 5.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-11187", - "epss": 0.00011, - "percentile": 0.01356, - "date": "2026-02-23" + "cve": "CVE-2026-0861", + "epss": 0.00008, + "percentile": 0.00662, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-11187", - "cwe": "CWE-476", - "source": "openssl-security@openssl.org", - "type": "Secondary" - }, - { - "cve": "CVE-2025-11187", - "cwe": "CWE-787", - "source": "openssl-security@openssl.org", + "cve": "CVE-2026-0861", + "cwe": "CWE-190", + "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", "type": "Secondary" } ] @@ -7293,46 +7469,43 @@ "version": "13" }, "package": { - "name": "openssl", - "version": "3.5.4-1~deb13u1" + "name": "glibc", + "version": "2.41-12" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-11187", - "versionConstraint": "< 3.5.4-1~deb13u2 (deb)" - }, - "fix": { - "suggestedVersion": "3.5.4-1~deb13u2" + "vulnerabilityID": "CVE-2026-0861", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "cd60076a5535e1af", - "name": "libssl3t64", - "version": "3.5.4-1~deb13u1", + "id": "2cb52e846633a3fb", + "name": "libc6", + "version": "2.41-12", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libssl3t64", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64", + "path": "/var/lib/dpkg/status.d/libc6", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6", "annotations": { "evidence": "primary" } }, { - "path": "/usr/share/doc/libssl3t64/copyright", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/usr/share/doc/libssl3t64/copyright", + "path": "/usr/share/doc/libc6/copyright", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/usr/share/doc/libc6/copyright", "annotations": { "evidence": "supporting" } }, { - "path": "/var/lib/dpkg/status.d/libssl3t64.md5sums", - "layerID": "sha256:d938b1709eb951a40b0fb8c8f53a3184d5967b8c451c91cce960ecffbda56cbc", - "accessPath": "/var/lib/dpkg/status.d/libssl3t64.md5sums", + "path": "/var/lib/dpkg/status.d/libc6.md5sums", + "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", + "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", "annotations": { "evidence": "supporting" } @@ -7340,18 +7513,46 @@ ], "language": "", "licenses": [ - "Apache-2.0", - "Artistic", - "GPL-1", - "GPL-1+" + "BSD-2-clause", + "BSD-3-clause-Berkeley", + "BSD-3-clause-Carnegie", + "BSD-3-clause-Oracle", + "BSD-3-clause-WIDE", + "BSD-like-Spencer", + "BSL-1.0", + "CORE-MATH", + "Carnegie", + "DEC", + "FSFAP", + "GPL-2", + "GPL-2+", + "GPL-2+-with-link-exception", + "GPL-3", + "GPL-3+", + "IBM", + "ISC", + "Inner-Net", + "LGPL-2", + "LGPL-2+", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1+-with-link-exception", + "LGPL-3", + "LGPL-3+", + "MIT-like-Lord", + "PCRE", + "SunPro", + "Unicode-DFS-2016", + "Univ-Coimbra", + "public-domain" ], "cpes": [ - "cpe:2.3:a:libssl3t64:libssl3t64:3.5.4-1\\~deb13u1:*:*:*:*:*:*:*" + "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libssl3t64@3.5.4-1~deb13u1?arch=amd64&distro=debian-13&upstream=openssl", + "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", "upstreams": [ { - "name": "openssl" + "name": "glibc" } ] } @@ -7368,9 +7569,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7386,7 +7587,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00625 }, "relatedVulnerabilities": [ { @@ -7418,9 +7619,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7494,9 +7695,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7512,7 +7713,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.005 + "risk": 0.00625 }, "relatedVulnerabilities": [ { @@ -7544,9 +7745,9 @@ "epss": [ { "cve": "CVE-2023-31438", - "epss": 0.001, - "percentile": 0.27874, - "date": "2026-02-23" + "epss": 0.00125, + "percentile": 0.31697, + "date": "2026-03-09" } ], "cwes": [ @@ -7561,141 +7762,7 @@ ], "matchDetails": [ { - "type": "exact-direct-match", - "matcher": "dpkg-matcher", - "searchedBy": { - "distro": { - "type": "debian", - "version": "13" - }, - "package": { - "name": "systemd", - "version": "257.9-1~deb13u1" - }, - "namespace": "debian:distro:debian:13" - }, - "found": { - "vulnerabilityID": "CVE-2023-31438", - "versionConstraint": "none (unknown)" - } - } - ], - "artifact": { - "id": "8105926f22d394d9", - "name": "systemd", - "version": "257.9-1~deb13u1", - "type": "deb", - "locations": [ - { - "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", - "annotations": { - "evidence": "primary" - } - } - ], - "language": "", - "licenses": [], - "cpes": [ - "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" - ], - "purl": "pkg:deb/systemd@257.9-1~deb13u1", - "upstreams": [] - } - }, - { - "vulnerability": { - "id": "CVE-2026-0861", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-0861", - "namespace": "debian:distro:debian:13", - "severity": "High", - "urls": [], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ], - "fix": { - "versions": [], - "state": "wont-fix" - }, - "advisories": [], - "risk": 0.00477 - }, - "relatedVulnerabilities": [ - { - "id": "CVE-2026-0861", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-0861", - "namespace": "nvd:cpe", - "severity": "High", - "urls": [ - "https://sourceware.org/bugzilla/show_bug.cgi?id=33796", - "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001", - "http://www.openwall.com/lists/oss-security/2026/01/16/5" - ], - "description": "Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.\n\nNote that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc.\n\nTypically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments.", - "cvss": [ - { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "metrics": { - "baseScore": 8.4, - "exploitabilityScore": 2.6, - "impactScore": 5.9 - }, - "vendorMetadata": {} - } - ], - "epss": [ - { - "cve": "CVE-2026-0861", - "epss": 0.00006, - "percentile": 0.00337, - "date": "2026-02-23" - } - ], - "cwes": [ - { - "cve": "CVE-2026-0861", - "cwe": "CWE-190", - "source": "3ff69d7a-14f2-4f67-a097-88dee7810d18", - "type": "Secondary" - } - ] - } - ], - "matchDetails": [ - { - "type": "exact-indirect-match", + "type": "exact-direct-match", "matcher": "dpkg-matcher", "searchedBy": { "distro": { @@ -7703,92 +7770,39 @@ "version": "13" }, "package": { - "name": "glibc", - "version": "2.41-12" + "name": "systemd", + "version": "257.9-1~deb13u1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-0861", + "vulnerabilityID": "CVE-2023-31438", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2cb52e846633a3fb", - "name": "libc6", - "version": "2.41-12", + "id": "8105926f22d394d9", + "name": "systemd", + "version": "257.9-1~deb13u1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libc6", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6", + "path": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "annotations": { "evidence": "primary" } - }, - { - "path": "/usr/share/doc/libc6/copyright", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/usr/share/doc/libc6/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/libc6.md5sums", - "layerID": "sha256:28c0ac2bbd107e4451553fd4834cfd2f10115ce2204c8ae35b2c005e97921c9d", - "accessPath": "/var/lib/dpkg/status.d/libc6.md5sums", - "annotations": { - "evidence": "supporting" - } } ], "language": "", - "licenses": [ - "BSD-2-clause", - "BSD-3-clause-Berkeley", - "BSD-3-clause-Carnegie", - "BSD-3-clause-Oracle", - "BSD-3-clause-WIDE", - "BSD-like-Spencer", - "BSL-1.0", - "CORE-MATH", - "Carnegie", - "DEC", - "FSFAP", - "GPL-2", - "GPL-2+", - "GPL-2+-with-link-exception", - "GPL-3", - "GPL-3+", - "IBM", - "ISC", - "Inner-Net", - "LGPL-2", - "LGPL-2+", - "LGPL-2.1", - "LGPL-2.1+", - "LGPL-2.1+-with-link-exception", - "LGPL-3", - "LGPL-3+", - "MIT-like-Lord", - "PCRE", - "SunPro", - "Unicode-DFS-2016", - "Univ-Coimbra", - "public-domain" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:libc6:libc6:2.41-12:*:*:*:*:*:*:*" + "cpe:2.3:a:systemd:systemd:257.9-1\\~deb13u1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libc6@2.41-12?arch=amd64&distro=debian-13&upstream=glibc", - "upstreams": [ - { - "name": "glibc" - } - ] + "purl": "pkg:deb/systemd@257.9-1~deb13u1", + "upstreams": [] } }, { @@ -7803,9 +7817,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -7821,7 +7835,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00585 }, "relatedVulnerabilities": [ { @@ -7853,9 +7867,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -7929,9 +7943,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -7947,7 +7961,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0047 + "risk": 0.00585 }, "relatedVulnerabilities": [ { @@ -7979,9 +7993,9 @@ "epss": [ { "cve": "CVE-2023-31439", - "epss": 0.00094, - "percentile": 0.26367, - "date": "2026-02-23" + "epss": 0.00117, + "percentile": 0.30532, + "date": "2026-03-09" } ], "cwes": [ @@ -8041,87 +8055,102 @@ }, { "vulnerability": { - "id": "CVE-2017-14159", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", + "id": "CVE-2025-9820", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", - "cvss": [], + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "cvss": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ], "fix": { - "versions": [], - "state": "not-fixed" + "versions": [ + "3.8.9-3+deb13u1" + ], + "state": "fixed", + "available": [ + { + "version": "3.8.9-3+deb13u1", + "date": "2026-01-11", + "kind": "first-observed" + } + ] }, "advisories": [], - "risk": 0.004600000000000001 + "risk": 0.00495 }, "relatedVulnerabilities": [ { - "id": "CVE-2017-14159", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", + "id": "CVE-2025-9820", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "http://www.openldap.org/its/index.cgi?findid=8703", - "https://www.oracle.com/security-alerts/cpuapr2022.html" + "https://access.redhat.com/errata/RHSA-2026:3477", + "https://access.redhat.com/security/cve/CVE-2025-9820", + "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", + "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", + "https://gitlab.com/gnutls/gnutls/-/issues/1732", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", + "http://www.openwall.com/lists/oss-security/2025/11/20/2" ], - "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "secalert@redhat.com", + "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 4.7, - "exploitabilityScore": 1.1, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "2.0", - "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "metrics": { - "baseScore": 1.9, - "exploitabilityScore": 3.4, - "impactScore": 2.9 + "baseScore": 4, + "exploitabilityScore": 2.6, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2017-14159", - "epss": 0.00092, - "percentile": 0.25901, - "date": "2026-02-23" + "cve": "CVE-2025-9820", + "epss": 0.00011, + "percentile": 0.01404, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2017-14159", - "cwe": "CWE-665", - "source": "nvd@nist.gov", - "type": "Primary" + "cve": "CVE-2025-9820", + "cwe": "CWE-121", + "source": "secalert@redhat.com", + "type": "Secondary" } ] } @@ -8136,27 +8165,30 @@ "version": "13" }, "package": { - "name": "openldap", - "version": "2.6.10+dfsg-1" + "name": "gnutls28", + "version": "3.8.9-3" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2017-14159", - "versionConstraint": "none (unknown)" + "vulnerabilityID": "CVE-2025-9820", + "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" + }, + "fix": { + "suggestedVersion": "3.8.9-3+deb13u1" } } ], "artifact": { - "id": "46230cf5226e2e82", - "name": "libldap2", - "version": "2.6.10+dfsg-1", + "id": "0e0d3baf82fb14d6", + "name": "libgnutls30t64", + "version": "3.8.9-3", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libldap2", + "path": "/var/lib/dpkg/status.d/libgnutls30t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libldap2", + "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", "annotations": { "evidence": "primary" } @@ -8165,112 +8197,98 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" + "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", + "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", "upstreams": [ { - "name": "openldap" + "name": "gnutls28" } ] } }, { "vulnerability": { - "id": "CVE-2025-9820", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-9820", + "id": "CVE-2017-14159", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2017-14159", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", - "cvss": [ - { - "source": "secalert@redhat.com", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", - "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 - }, - "vendorMetadata": {} - } - ], + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", + "cvss": [], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", "type": "Primary" } ], "fix": { - "versions": [ - "3.8.9-3+deb13u1" - ], - "state": "fixed", - "available": [ - { - "version": "3.8.9-3+deb13u1", - "date": "2026-01-11", - "kind": "first-observed" - } - ] + "versions": [], + "state": "not-fixed" }, "advisories": [], - "risk": 0.0045000000000000005 + "risk": 0.004600000000000001 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-9820", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-9820", + "id": "CVE-2017-14159", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2017-14159", "namespace": "nvd:cpe", "severity": "Medium", "urls": [ - "https://access.redhat.com/security/cve/CVE-2025-9820", - "https://bugzilla.redhat.com/show_bug.cgi?id=2392528", - "https://gitlab.com/gnutls/gnutls/-/commit/1d56f96f6ab5034d677136b9d50b5a75dff0faf5", - "https://gitlab.com/gnutls/gnutls/-/issues/1732", - "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-11-18", - "http://www.openwall.com/lists/oss-security/2025/11/20/2" + "http://www.openldap.org/its/index.cgi?findid=8703", + "https://www.oracle.com/security-alerts/cpuapr2022.html" ], - "description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", + "description": "slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command, as demonstrated by openldap-initscript.", "cvss": [ { - "source": "secalert@redhat.com", + "source": "nvd@nist.gov", "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 4, - "exploitabilityScore": 2.6, - "impactScore": 1.5 + "baseScore": 4.7, + "exploitabilityScore": 1.1, + "impactScore": 3.6 + }, + "vendorMetadata": {} + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P", + "metrics": { + "baseScore": 1.9, + "exploitabilityScore": 3.4, + "impactScore": 2.9 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-9820", - "epss": 0.0001, - "percentile": 0.01105, - "date": "2026-02-23" + "cve": "CVE-2017-14159", + "epss": 0.00092, + "percentile": 0.25756, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-9820", - "cwe": "CWE-121", - "source": "secalert@redhat.com", + "cve": "CVE-2017-14159", + "cwe": "CWE-665", + "source": "nvd@nist.gov", "type": "Primary" } ] @@ -8286,30 +8304,27 @@ "version": "13" }, "package": { - "name": "gnutls28", - "version": "3.8.9-3" + "name": "openldap", + "version": "2.6.10+dfsg-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-9820", - "versionConstraint": "< 3.8.9-3+deb13u1 (deb)" - }, - "fix": { - "suggestedVersion": "3.8.9-3+deb13u1" + "vulnerabilityID": "CVE-2017-14159", + "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "0e0d3baf82fb14d6", - "name": "libgnutls30t64", - "version": "3.8.9-3", + "id": "46230cf5226e2e82", + "name": "libldap2", + "version": "2.6.10+dfsg-1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgnutls30t64", + "path": "/var/lib/dpkg/status.d/libldap2", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgnutls30t64", + "accessPath": "/var/lib/dpkg/status.d/libldap2", "annotations": { "evidence": "primary" } @@ -8318,12 +8333,12 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgnutls30t64:libgnutls30t64:3.8.9-3:*:*:*:*:*:*:*" + "cpe:2.3:a:libldap2:libldap2:2.6.10\\+dfsg-1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgnutls30t64@3.8.9-3?arch=amd64&distro=debian-13&upstream=gnutls28", + "purl": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64&distro=debian-13&upstream=openldap", "upstreams": [ { - "name": "gnutls28" + "name": "openldap" } ] } @@ -8354,8 +8369,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00625, - "date": "2026-02-23" + "percentile": 0.00651, + "date": "2026-03-09" } ], "cwes": [ @@ -8402,8 +8417,8 @@ { "cve": "CVE-2025-13034", "epss": 0.00008, - "percentile": 0.00625, - "date": "2026-02-23" + "percentile": 0.00651, + "date": "2026-03-09" } ], "cwes": [ @@ -8467,25 +8482,25 @@ }, { "vulnerability": { - "id": "CVE-2025-15224", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8495,47 +8510,45 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0036 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2025-15224", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Low", + "severity": "High", "urls": [ - "https://curl.se/docs/CVE-2025-15224.html", - "https://curl.se/docs/CVE-2025-15224.json", - "https://hackerone.com/reports/3480925", - "http://www.openwall.com/lists/oss-security/2026/01/07/7" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 3.1, - "exploitabilityScore": 1.7, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2025-15224", - "epss": 0.00072, - "percentile": 0.21926, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2025-15224", - "cwe": "CWE-287", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -8552,27 +8565,27 @@ "version": "13" }, "package": { - "name": "curl", - "version": "8.14.1-2+deb13u2" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2025-15224", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "2c9e2faa683beba2", - "name": "libcurl4t64", - "version": "8.14.1-2+deb13u2", + "id": "b6ee860d702b8084", + "name": "libgssapi-krb5-2", + "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libcurl4t64", + "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", + "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", "annotations": { "evidence": "primary" } @@ -8581,114 +8594,95 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" + "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", + "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "curl" + "name": "krb5" } ] } }, { "vulnerability": { - "id": "CVE-2026-27171", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "namespace": "debian:distro:debian:13", - "severity": "Medium", + "severity": "Negligible", "urls": [], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", - "cvss": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - } - ], + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "cvss": [], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ], "fix": { "versions": [], - "state": "wont-fix" + "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { - "id": "CVE-2026-27171", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "id": "CVE-2024-26461", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", "namespace": "nvd:cpe", - "severity": "Medium", + "severity": "High", "urls": [ - "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", - "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", - "https://github.com/madler/zlib/issues/904", - "https://github.com/madler/zlib/releases/tag/v1.3.2", - "https://ostif.org/zlib-audit-complete/" + "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", + "https://security.netapp.com/advisory/ntap-20240415-0011/" ], - "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "cvss": [ { - "source": "nvd@nist.gov", - "type": "Primary", - "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "metrics": { - "baseScore": 5.5, - "exploitabilityScore": 1.9, - "impactScore": 3.6 - }, - "vendorMetadata": {} - }, - { - "source": "cve@mitre.org", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 2.9, - "exploitabilityScore": 1.5, - "impactScore": 1.5 + "baseScore": 7.5, + "exploitabilityScore": 3.9, + "impactScore": 3.6 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2026-27171", - "epss": 0.00006, - "percentile": 0.00315, - "date": "2026-02-23" + "cve": "CVE-2024-26461", + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2026-27171", - "cwe": "CWE-1284", - "source": "cve@mitre.org", + "cve": "CVE-2024-26461", + "cwe": "CWE-770", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] @@ -8704,60 +8698,41 @@ "version": "13" }, "package": { - "name": "zlib", - "version": "1:1.3.dfsg+really1.3.1-1" + "name": "krb5", + "version": "1.21.3-5" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2026-27171", + "vulnerabilityID": "CVE-2024-26461", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "9624b8abfaf8a472", - "name": "zlib1g", - "version": "1:1.3.dfsg+really1.3.1-1+b1", + "id": "52ef833c1503e21a", + "name": "libk5crypto3", + "version": "1.21.3-5", "type": "deb", "locations": [ - { - "path": "/var/lib/dpkg/status.d/zlib1g", - "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/zlib1g", - "annotations": { - "evidence": "primary" - } - }, - { - "path": "/usr/share/doc/zlib1g/copyright", - "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", - "accessPath": "/usr/share/doc/zlib1g/copyright", - "annotations": { - "evidence": "supporting" - } - }, - { - "path": "/var/lib/dpkg/status.d/zlib1g.md5sums", - "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", - "accessPath": "/var/lib/dpkg/status.d/zlib1g.md5sums", + { + "path": "/var/lib/dpkg/status.d/libk5crypto3", + "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", + "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", "annotations": { - "evidence": "supporting" + "evidence": "primary" } } ], "language": "", - "licenses": [ - "Zlib" - ], + "licenses": [], "cpes": [ - "cpe:2.3:a:zlib1g:zlib1g:1\\:1.3.dfsg\\+really1.3.1-1\\+b1:*:*:*:*:*:*:*" + "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/zlib1g@1%3A1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64&distro=debian-13&upstream=zlib%401%3A1.3.dfsg%2Breally1.3.1-1", + "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { - "name": "zlib", - "version": "1:1.3.dfsg+really1.3.1-1" + "name": "krb5" } ] } @@ -8774,9 +8749,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8792,7 +8767,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8822,9 +8797,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8859,15 +8834,15 @@ } ], "artifact": { - "id": "b6ee860d702b8084", - "name": "libgssapi-krb5-2", + "id": "d4c94f2fc66f3184", + "name": "libkrb5-3", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "path": "/var/lib/dpkg/status.d/libkrb5-3", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libgssapi-krb5-2", + "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", "annotations": { "evidence": "primary" } @@ -8876,18 +8851,14 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libgssapi-krb5-2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5-2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5_2:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi-krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi_krb5:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi-krb5-2:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libgssapi:libgssapi_krb5_2:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", + "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -8907,9 +8878,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8925,7 +8896,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.00405 }, "relatedVulnerabilities": [ { @@ -8955,9 +8926,9 @@ "epss": [ { "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "epss": 0.00081, + "percentile": 0.23808, + "date": "2026-03-09" } ], "cwes": [ @@ -8992,15 +8963,15 @@ } ], "artifact": { - "id": "52ef833c1503e21a", - "name": "libk5crypto3", + "id": "56fc39be304d53f0", + "name": "libkrb5support0", "version": "1.21.3-5", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libk5crypto3", + "path": "/var/lib/dpkg/status.d/libkrb5support0", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libk5crypto3", + "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", "annotations": { "evidence": "primary" } @@ -9009,9 +8980,9 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libk5crypto3:libk5crypto3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", "upstreams": [ { "name": "krb5" @@ -9021,25 +8992,25 @@ }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2025-15224", "namespace": "debian:distro:debian:13", "severity": "Negligible", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cvss": [], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -9049,45 +9020,47 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.00315 + "risk": 0.0036 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2025-15224", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2025-15224", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Low", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://curl.se/docs/CVE-2025-15224.html", + "https://curl.se/docs/CVE-2025-15224.json", + "https://hackerone.com/reports/3480925", + "http://www.openwall.com/lists/oss-security/2026/01/07/7" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", "cvss": [ { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "baseScore": 3.1, + "exploitabilityScore": 1.7, + "impactScore": 1.5 }, "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2025-15224", + "epss": 0.00072, + "percentile": 0.21754, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", + "cve": "CVE-2025-15224", + "cwe": "CWE-287", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } @@ -9104,27 +9077,27 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "curl", + "version": "8.14.1-2+deb13u2" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2025-15224", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "d4c94f2fc66f3184", - "name": "libkrb5-3", - "version": "1.21.3-5", + "id": "2c9e2faa683beba2", + "name": "libcurl4t64", + "version": "8.14.1-2+deb13u2", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5-3", + "path": "/var/lib/dpkg/status.d/libcurl4t64", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5-3", + "accessPath": "/var/lib/dpkg/status.d/libcurl4t64", "annotations": { "evidence": "primary" } @@ -9133,91 +9106,114 @@ "language": "", "licenses": [], "cpes": [ - "cpe:2.3:a:libkrb5-3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5-3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5_3:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5-3:1.21.3-5:*:*:*:*:*:*:*", - "cpe:2.3:a:libkrb5:libkrb5_3:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:libcurl4t64:libcurl4t64:8.14.1-2\\+deb13u2:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/libcurl4t64@8.14.1-2%2Bdeb13u2?arch=amd64&distro=debian-13&upstream=curl", "upstreams": [ { - "name": "krb5" + "name": "curl" } ] } }, { "vulnerability": { - "id": "CVE-2024-26461", - "dataSource": "https://security-tracker.debian.org/tracker/CVE-2024-26461", + "id": "CVE-2026-27171", + "dataSource": "https://security-tracker.debian.org/tracker/CVE-2026-27171", "namespace": "debian:distro:debian:13", - "severity": "Negligible", + "severity": "Medium", "urls": [], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", - "cvss": [], + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "metrics": { + "baseScore": 5.5, + "exploitabilityScore": 1.9, + "impactScore": 3.6 + }, + "vendorMetadata": {} + } + ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ], "fix": { "versions": [], - "state": "not-fixed" + "state": "wont-fix" }, "advisories": [], "risk": 0.00315 }, "relatedVulnerabilities": [ { - "id": "CVE-2024-26461", - "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2024-26461", + "id": "CVE-2026-27171", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "namespace": "nvd:cpe", - "severity": "High", + "severity": "Medium", "urls": [ - "https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md", - "https://security.netapp.com/advisory/ntap-20240415-0011/" + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://ostif.org/zlib-audit-complete/" ], - "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", + "description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "cvss": [ { - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "version": "3.1", - "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "metrics": { - "baseScore": 7.5, - "exploitabilityScore": 3.9, + "baseScore": 5.5, + "exploitabilityScore": 1.9, "impactScore": 3.6 }, "vendorMetadata": {} + }, + { + "source": "cve@mitre.org", + "type": "Secondary", + "version": "3.1", + "vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "metrics": { + "baseScore": 2.9, + "exploitabilityScore": 1.5, + "impactScore": 1.5 + }, + "vendorMetadata": {} } ], "epss": [ { - "cve": "CVE-2024-26461", - "epss": 0.00063, - "percentile": 0.19771, - "date": "2026-02-23" + "cve": "CVE-2026-27171", + "epss": 0.00006, + "percentile": 0.0041, + "date": "2026-03-09" } ], "cwes": [ { - "cve": "CVE-2024-26461", - "cwe": "CWE-770", - "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "cve": "CVE-2026-27171", + "cwe": "CWE-1284", + "source": "cve@mitre.org", "type": "Secondary" } ] @@ -9233,41 +9229,60 @@ "version": "13" }, "package": { - "name": "krb5", - "version": "1.21.3-5" + "name": "zlib", + "version": "1:1.3.dfsg+really1.3.1-1" }, "namespace": "debian:distro:debian:13" }, "found": { - "vulnerabilityID": "CVE-2024-26461", + "vulnerabilityID": "CVE-2026-27171", "versionConstraint": "none (unknown)" } } ], "artifact": { - "id": "56fc39be304d53f0", - "name": "libkrb5support0", - "version": "1.21.3-5", + "id": "9624b8abfaf8a472", + "name": "zlib1g", + "version": "1:1.3.dfsg+really1.3.1-1+b1", "type": "deb", "locations": [ { - "path": "/var/lib/dpkg/status.d/libkrb5support0", + "path": "/var/lib/dpkg/status.d/zlib1g", "layerID": "sha256:ec43d97265eff5bbc6255ab6e313b8955a301af0774bd8b7b9f032e7edde0822", - "accessPath": "/var/lib/dpkg/status.d/libkrb5support0", + "accessPath": "/var/lib/dpkg/status.d/zlib1g", "annotations": { "evidence": "primary" } + }, + { + "path": "/usr/share/doc/zlib1g/copyright", + "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", + "accessPath": "/usr/share/doc/zlib1g/copyright", + "annotations": { + "evidence": "supporting" + } + }, + { + "path": "/var/lib/dpkg/status.d/zlib1g.md5sums", + "layerID": "sha256:e4ba966d7f0527dfe0fcb559e4e18d4da42c4e6beae924719255e0dedb554ed0", + "accessPath": "/var/lib/dpkg/status.d/zlib1g.md5sums", + "annotations": { + "evidence": "supporting" + } } ], "language": "", - "licenses": [], + "licenses": [ + "Zlib" + ], "cpes": [ - "cpe:2.3:a:libkrb5support0:libkrb5support0:1.21.3-5:*:*:*:*:*:*:*" + "cpe:2.3:a:zlib1g:zlib1g:1\\:1.3.dfsg\\+really1.3.1-1\\+b1:*:*:*:*:*:*:*" ], - "purl": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64&distro=debian-13&upstream=krb5", + "purl": "pkg:deb/debian/zlib1g@1%3A1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64&distro=debian-13&upstream=zlib%401%3A1.3.dfsg%2Breally1.3.1-1", "upstreams": [ { - "name": "krb5" + "name": "zlib", + "version": "1:1.3.dfsg+really1.3.1-1" } ] } @@ -9297,9 +9312,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -9324,7 +9339,7 @@ ] }, "advisories": [], - "risk": 0.002625 + "risk": 0.00315 }, "relatedVulnerabilities": [ { @@ -9355,9 +9370,9 @@ "epss": [ { "cve": "CVE-2025-15469", - "epss": 0.00005, - "percentile": 0.00211, - "date": "2026-02-23" + "epss": 0.00006, + "percentile": 0.00275, + "date": "2026-03-09" } ], "cwes": [ @@ -9469,8 +9484,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9535,8 +9550,8 @@ { "cve": "CVE-2025-69418", "epss": 0.00005, - "percentile": 0.00212, - "date": "2026-02-23" + "percentile": 0.00249, + "date": "2026-03-09" } ], "cwes": [ @@ -9635,8 +9650,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9702,8 +9717,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9784,8 +9799,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9851,8 +9866,8 @@ { "cve": "CVE-2013-4392", "epss": 0.00042, - "percentile": 0.12758, - "date": "2026-02-23" + "percentile": 0.12457, + "date": "2026-03-09" } ], "cwes": [ @@ -9929,8 +9944,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -9979,8 +9994,8 @@ { "cve": "CVE-2025-15079", "epss": 0.0003, - "percentile": 0.08699, - "date": "2026-02-23" + "percentile": 0.08381, + "date": "2026-03-09" } ], "cwes": [ @@ -10055,8 +10070,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10110,8 +10125,8 @@ { "cve": "CVE-2026-22185", "epss": 0.0002, - "percentile": 0.05014, - "date": "2026-02-23" + "percentile": 0.05004, + "date": "2026-03-09" } ], "cwes": [ @@ -10191,9 +10206,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ], "fix": { @@ -10201,7 +10216,7 @@ "state": "not-fixed" }, "advisories": [], - "risk": 0.0007499999999999999 + "risk": 0.0009 }, "relatedVulnerabilities": [ { @@ -10234,9 +10249,9 @@ "epss": [ { "cve": "CVE-2025-10966", - "epss": 0.00015, - "percentile": 0.0283, - "date": "2026-02-23" + "epss": 0.00018, + "percentile": 0.04357, + "date": "2026-03-09" } ] } @@ -10303,8 +10318,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10352,8 +10367,8 @@ { "cve": "CVE-2025-14017", "epss": 0.00007, - "percentile": 0.00545, - "date": "2026-02-23" + "percentile": 0.00568, + "date": "2026-03-09" } ], "cwes": [ @@ -10574,7 +10589,7 @@ }, "descriptor": { "name": "grype", - "version": "0.109.0", + "version": "0.109.1", "configuration": { "output": [ "json" @@ -10753,107 +10768,107 @@ "db": { "status": { "schemaVersion": "v6.1.4", - "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-02-24T00:30:34Z_1771914741.tar.zst?checksum=sha256%3Ab73bad6f7746d6a9b100bfa931c69b6a1fe92188827e5919f3b8ca35d0fa9aa1", - "built": "2026-02-24T06:32:21Z", + "from": "https://grype.anchore.io/databases/v6/vulnerability-db_v6.1.4_2026-03-10T00:28:10Z_1773123983.tar.zst?checksum=sha256%3Aee852e4bc48e4991c37d321256c5ddb97899cecf01be341ef844c68f44165f28", + "built": "2026-03-10T06:26:23Z", "path": ".cache/grype/db/6/vulnerability.db", "valid": true }, "providers": { "alma": { - "captured": "2026-02-24T00:30:38Z", - "input": "xxh64:1dd504698ddc1ccf" + "captured": "2026-03-10T00:28:42Z", + "input": "xxh64:914c7d889a9ad6e4" }, "alpine": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:3b06d7094fb3b33b" + "captured": "2026-03-10T00:29:23Z", + "input": "xxh64:25eafb15ac8f0457" }, "amazon": { - "captured": "2026-02-24T00:30:54Z", - "input": "xxh64:18553753e13be395" + "captured": "2026-03-10T00:28:51Z", + "input": "xxh64:f1524ad7fca6ccc5" }, "arch": { - "captured": "2026-02-24T00:30:55Z", - "input": "xxh64:3e60df2d65969864" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:4eed2069a473253d" }, "bitnami": { - "captured": "2026-02-24T00:30:51Z", - "input": "xxh64:632529669ced839f" + "captured": "2026-03-10T00:28:46Z", + "input": "xxh64:22340b5dbac27b45" }, "chainguard": { - "captured": "2026-02-24T00:30:52Z", - "input": "xxh64:455d2a23313e57c2" + "captured": "2026-03-10T00:30:34Z", + "input": "xxh64:fd3509f725533511" }, "chainguard-libraries": { - "captured": "2026-02-24T00:30:59Z", - "input": "xxh64:4f87624ccfa76d03" + "captured": "2026-03-10T00:29:01Z", + "input": "xxh64:085997f0850e7672" }, "debian": { - "captured": "2026-02-24T00:31:30Z", - "input": "xxh64:023b19fe31456eb3" + "captured": "2026-03-10T00:28:59Z", + "input": "xxh64:90f9c10c3453be35" }, "echo": { - "captured": "2026-02-24T00:30:53Z", - "input": "xxh64:d3d132fa080f1061" + "captured": "2026-03-10T00:29:32Z", + "input": "xxh64:9e17e49e2ae0d768" }, "eol": { - "captured": "2026-02-24T00:32:03Z", - "input": "xxh64:06eef905986e3de4" + "captured": "2026-03-10T00:28:41Z", + "input": "xxh64:6b1487e45bfe23c2" }, "epss": { - "captured": "2026-02-24T00:30:34Z", - "input": "xxh64:581a8093ded47125" + "captured": "2026-03-10T00:29:08Z", + "input": "xxh64:c400799398adc6a9" }, "fedora": { - "captured": "2026-02-24T00:30:47Z", - "input": "xxh64:5b319c0fa73681eb" + "captured": "2026-03-10T00:28:37Z", + "input": "xxh64:64cf8da43d1c7dba" }, "github": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:c6f4bb532ddd6802" + "captured": "2026-03-10T00:28:48Z", + "input": "xxh64:e65095049bbbdc06" }, "kev": { - "captured": "2026-02-24T00:34:43Z", - "input": "xxh64:be3f0dce0e26d698" + "captured": "2026-03-10T00:28:50Z", + "input": "xxh64:ab4d9286aeedd36c" }, "mariner": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:25605b31905dda4f" + "captured": "2026-03-10T00:28:56Z", + "input": "xxh64:8bddd8a5fb75e7bf" }, "minimos": { - "captured": "2026-02-24T00:30:40Z", - "input": "xxh64:52188509fbf2fb05" + "captured": "2026-03-10T00:29:46Z", + "input": "xxh64:f3d667690d5145b4" }, "nvd": { - "captured": "2026-02-24T00:31:44Z", - "input": "xxh64:72c2724c0237793e" + "captured": "2026-03-10T00:28:28Z", + "input": "xxh64:ea89de7a4cda0c74" }, "oracle": { - "captured": "2026-02-24T00:30:45Z", - "input": "xxh64:e9981478b056e165" + "captured": "2026-03-10T00:28:43Z", + "input": "xxh64:226d35a2f709e58f" }, "photon": { - "captured": "2026-02-24T00:30:48Z", - "input": "xxh64:2bc727400299b9b6" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:8da4574a8cf30ab1" }, "rhel": { - "captured": "2026-02-24T00:31:39Z", - "input": "xxh64:92ee65d1af44f681" + "captured": "2026-03-10T00:28:54Z", + "input": "xxh64:1fd0425e2eb8271a" }, "secureos": { - "captured": "2026-02-24T00:31:05Z", - "input": "xxh64:99bddf52da61d08e" + "captured": "2026-03-10T00:28:49Z", + "input": "xxh64:6e743e35d2d2d3ad" }, "sles": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:f1287f63cdc645bb" + "captured": "2026-03-10T00:28:10Z", + "input": "xxh64:d14c4d9c3ab004ea" }, "ubuntu": { - "captured": "2026-02-24T00:31:19Z", - "input": "xxh64:5ebcb0cd75ff784f" + "captured": "2026-03-10T00:29:57Z", + "input": "xxh64:38b59255718311cd" }, "wolfi": { - "captured": "2026-02-24T00:30:37Z", - "input": "xxh64:1cf26e9be819f07a" + "captured": "2026-03-10T00:28:45Z", + "input": "xxh64:b5f026d68146042e" } } } diff --git a/docs/security/oss/grype-4.2.2.md b/docs/security/oss/grype-4.2.2.md index 23b8009..baf96b1 100644 --- a/docs/security/oss/grype-4.2.2.md +++ b/docs/security/oss/grype-4.2.2.md @@ -6,22 +6,22 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | Package | Version Installed | Vulnerability ID | Severity | | --- | --- | --- | --- | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467) | Critical | +| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2004) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2006](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2006) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2005) | High | -| libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420) | High | -| libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69421](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421) | High | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69419](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419) | High | +| libtasn1-6 | 4.20.0-2 | [CVE-2025-13151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-13151) | High | | libc6 | 2.41-12 | [CVE-2025-15281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15281) | High | | libc6 | 2.41-12 | [CVE-2026-0915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0915) | High | | libc6 | 2.41-12 | [CVE-2026-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0861) | High | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12818](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12818) | Medium | -| fluent-bit | 4.2.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2026-22796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796) | Medium | +| fluent-bit | 4.2.2 | [CVE-2025-29478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29478) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-66199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199) | Medium | -| fluent-bit | 4.2.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-15468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468) | Medium | +| fluent-bit | 4.2.2 | [CVE-2025-29477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29477) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2026-2003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2003) | Medium | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-14819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14819) | Medium | | libgnutls30t64 | 3.8.9-3 | [CVE-2025-14831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14831) | Medium | @@ -36,38 +36,38 @@ Refer to the [triaged vulnerabilities](https://docs.fluent.do/security/triaged.h | libssl3t64 | 3.5.4-1~deb13u1 | [CVE-2025-69418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418) | Medium | | libpq5 | 17.6-0+deb13u1 | [CVE-2025-12817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12817) | Low | | libgnutls30t64 | 3.8.9-3 | [CVE-2011-3389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389) | Negligible | +| libldap2 | 2.6.10+dfsg-1 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2015-3276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3276) | Negligible | | libc6 | 2.41-12 | [CVE-2018-20796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20796) | Negligible | -| libldap2 | 2.6.10+dfsg-1 | [CVE-2017-17740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2018-5709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.41-12 | [CVE-2019-9192](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9192) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-1010025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010025) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010024](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010024) | Negligible | +| libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libgcrypt20 | 1.11.0-7 | [CVE-2018-6829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829) | Negligible | | libc6 | 2.41-12 | [CVE-2010-4756](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756) | Negligible | | libc6 | 2.41-12 | [CVE-2019-1010023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010023) | Negligible | -| libgcrypt20 | 1.11.0-7 | [CVE-2024-2236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2236) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2020-15719](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15719) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26458) | Negligible | -| libc6 | 2.41-12 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31437) | Negligible | +| libc6 | 2.41-12 | [CVE-2019-1010022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010022) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31438) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2023-31439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31439) | Negligible | | libldap2 | 2.6.10+dfsg-1 | [CVE-2017-14159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14159) | Negligible | -| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libgssapi-krb5-2 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libk5crypto3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5-3 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | | libkrb5support0 | 1.21.3-5 | [CVE-2024-26461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26461) | Negligible | +| libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224) | Negligible | | libsystemd0 | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | systemd | 257.9-1~deb13u1 | [CVE-2013-4392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4392) | Negligible | | libcurl4t64 | 8.14.1-2+deb13u2 | [CVE-2025-15079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079) | Negligible |